365 matches found
CVE-2025-9229
MiR software (Mobile Industrial Robots MiR controllers/robotics ecosystem) is affected prior to version 3.0.0. The issue is an information-disclosure vulnerability rooted in the error handling mechanism, which allows unauthenticated attackers to access verbose error pages and view detailed data s...
CVE-2025-9229 Information Disclosure in MiR robots and MiR fleet through verbose error pages
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...
CVE-2025-9229 Information Disclosure in MiR robots and MiR fleet through verbose error pages
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...
Linux Distros Unpatched Vulnerability : CVE-2017-5664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the...
Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload
Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404...
CVE-2023-27998
A lack of custom error pages vulnerability CWE-756 in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPs paths...
CVE-2022-32269
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages displayed by Internet Explorer core. This leads to arbitrary code execution...
CVE-2020-6254
SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting...
CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content...
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...
GHSA-RHXM-R44M-4325 Drupal Ignition Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS. This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
Drupal Ignition Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS. This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
CVE-2025-31679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS.This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
CVE-2025-31679 Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS.This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
CVE-2025-31679 Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS.This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
CVE-2025-31679 Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting XSS.This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4...
Drupal Ignition Error Pages 跨站脚本漏洞
Drupal Ignition Error Pages is a module of the Drupal community that provides custom error pages e.g. 404, 500, etc. to improve the user experience. A cross-site scripting vulnerability exists in Drupal Ignition Error Pages versions prior to 1.0.4, which stems from improper input neutralization a...
PT-2025-13843 · Drupal · Ignition Error Pages
Name of the Vulnerable Software and Affected Versions: Ignition Error Pages versions 0.0.0 through 1.0.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, in Drupal Ignition Error Pages. This allows for...
Linux Distros Unpatched Vulnerability : CVE-2018-10547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS ...
Octopus Server 安全漏洞
Octopus Server is a deployment automation and release management tool for continuous delivery from Octopus Australia. A security vulnerability exists in Octopus Server that stems from insecure handling of error messages on error pages...