CVE-2024-52005
CVE-2024-52005 affects Git via ANSI escape sequence injections in the sideband channel. A PoC demonstrates exploitation; affected versions include pre-2.48.1, 2.47.3, 2.46.5, 2.45.4, and 2.44.3. Impacts include hiding/misrepresenting output, fake security prompts, social‑engineering payloads, and...
Cross-site Scripting (XSS)
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error message display mechanism. An attacker can inject malicious scripts that are executed in the user's browser by...
GHSA-MQF3-QPC3-G26Q Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Important: This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developerguides/debugging/environmenttypes/ for...
CVE-2024-52898 IBM MQ information disclosure
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned...
CVE-2024-52898
CVE-2024-52898 affects IBM MQ web consoles (9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD). The flaw stems from generating detailed error messages that disclose sensitive information (CWE-209), allowing a local user to obtain sensitive data. IBM’s security bulletins list the vulnerability within the IBM MQ Co...
PT-2025-5641 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: Silverstripe (affected versions not specified). Description: The issue affects sites in the "dev" environment mode, allowing an XSS payload to be executed in the resulting error message when a specifically crafted URL is provided. This is a...
CVE-2022-22363 IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2022-22363
Summary: CVE-2022-22363 affects IBM Cognos Controller 11.0.0–11.0.1 and IBM Controller 11.1.0, where a remote attacker could obtain sensitive information via detailed browser error messages. Root cause: exposure of detailed error information in the web interface. Impact (as described): informatio...
CVE-2021-20455 IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-52893
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-52893 IBM Concert Software information disclosure
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-52893
CVE-2024-52893 affects IBM Concert Software versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3. The issue can allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser, which could be leveraged in subsequent attacks. IBM’s security bu...
CVE-2024-11625
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421...
Progress Sitefinity security vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets from Progress, Inc. in the United States. A security vulnerability exists in Progress Sitefinity, which stems from an error message vulnerability that could lead to information disclosure...
CVE-2024-5591
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...