9 matches found
Algernon: Single-file mode unconditionally enables debug mode
Summary: When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow (algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg) — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
GHSA-8RRQ-WCG8-CV5Q OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Summary: OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Summary: OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...
CVE-2022-50587
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2022-50587
CVE-2022-50587 affects Nagios XI prior to 5.8.9. The issue is a stored XSS via the Apply Configuration error text, caused by insufficient validation/escaping of user input in configuration commands. Impact is arbitrary script execution in a victim’s browser when the error text is processed. The p...
EUVD-2010-2171
Malware in sbrugna...
PT-2023-11822 · Unknown · Geni Portal
Name of the Vulnerable Software and Affected Versions: GENI Portal (affected versions not specified). Description: A problematic issue was found in GENI Portal, affecting some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the error argument leads to cross-si...
Mozilla Firefox URL spoofing
It's possible to spoof error text on an invalid URL...
CVE-2007-4530
Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the errortext parameter to errorbox.html or (2) the oktitle parameter to okbox.html...