17 matches found
EUVD-2010-4023
Malware in sbrugna...
EUVD-2018-2284
Malware in sbrugna...
EUVD-2024-22493
Malicious code in bioql PyPI...
CVE-2025-56762
Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php...
CVE-2013-4098
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter...
CVE-2022-31734
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.250SY...
CFP Time: Content spoofing on error pages or text injection
Poc: https://www.cfptime.org/%20is%20not%20available%20anymore%20,%20pls%20go%20to%20WWW.EVIL.COM%20because%20this%20site. Steps to reproduce: 1: Just browse this target on any browser 2: Target: http://www.cfptime.org/ 3: add any content after For example: this is not available anymore pls check...
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Overview Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. MORI Shingo...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script...
CVE-2002-2165
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox...
Cross-site scripting in AN HTTPD
AN HTTPD shows an error page if a client sends a request containing ":" in the URI field. The problem occurs due to the fact that this URI is injected into the error page without being sanitized...
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link,...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results
Overview Visitors to web sites that use Microsoft IIS and also use the default error pages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting from...
CVE-2001-0947
Forms.exe CGI program in ValiCert Enterprise Validation Authority EVA 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path...
Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure
Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of th...
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...
Netscape PublishingXPert 2.02.22.5 - Local File Reading
Netscape PublishingXPert 2.02.22.5 - Local File Reading // source: https://www.securityfocus.com/bid/2920/info Netscape PublishingXpert is an e-commerce application distributed by Netscape. PublishingXpert manages user information, sending them special ads and personalized content. PSCOErrPage.ht...