Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the error message display mechanism. An attacker can inject malicious scripts that are executed in the user's browser by...

SUSE-SU-2018:1507-1 Security update for zziplib

This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-6542: Reject file if the size of the central directory is too big and display an error message bsc1079094...

douphp /cache 目录物理路径泄漏

漏洞分析 漏洞文件 cache目录下的所有文件 如：admin/backup.htm.php php tplvars'lang''home'; ?//会引起报错 2. 漏洞利用 直接访问 http://www.douco.com/cache/admin/backup.htm.php 然后查看网页源码，泄漏物理路径 3. 漏洞修复 关闭错误信息显示...

cumin: multiple XSS flaws

Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...