Cross-site Scripting (XSS)
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient sanitization of error messages. An attacker can inject malicious scripts that are executed in the context of the user's browser session. Details Cross-si...
CVE-2024-43439 Moodle: reflected xss via h5p error message
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting XSS risk...
Moodle security vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from an H5P error message that requires additional cleanup to prevent...
CVE-2024-30141
HCL BigFix Compliance is affected by CVE-2024-30141, where error messages can disclose sensitive information about the environment, users, or data. The issue is described as: generation of detailed/enticing error messages leading to information disclosure. The CVSS details indicate a network-atta...
Security Bulletin: IBM Security Guardium Key Lifecycle Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Guardium Key Lifecycle Manager. Vulnerability Details CVEID:CVE-2024-49817 DESCRIPTION: IBM Security Guardium Key Lifecycle Manager stores user credentials in configuration files which can be read by a loc...
CVE-2024-52043 User enumeration in HumHub
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation user enumeration. This issue affects all released HumHub versions: through 1.16.2...
Security Bulletin: IBM Sterling Control Center is vulnerable to Content spoofing
Summary IBM Sterling Control Center is vulnerable to Content Spoofing in v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35111 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...
RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:8886)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8886 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
CVE-2024-51560 Improper Error Handling Vulnerability in Wave 2.0
This vulnerability exists in Wave 2.0 due to improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing invalid inputs for the “userId” parameter in the API request, leading to generation of an error message...
Brokerage Wave security vulnerability
Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0, which stems from an exception mishandling of invalid inputs by an API endpoint, which allows an attacker to generate an error message containing sensitive information about the...
CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...
Security update for 389-ds
This update for 389-ds fixes the following issues: Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 Re-enable use of .dsrc basedn for dsidm commands bsc1231462 Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
CVE-2024-50512
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data. This issue affects Posti Shipping: from n/a through <= 3.10.2...
CVE-2024-50512 WordPress Posti Shipping plugin <= 3.10.2 - Full Path Disclosure (FPD) vulnerability
Generation of Error Message Containing Sensitive Information vulnerability in Posti Posti Shipping posti-shipping allows Retrieve Embedded Sensitive Data. This issue affects Posti Shipping: from n/a through <= 3.10.2...
CVE-2024-50512
CVE-2024-50512 affects the WordPress plugin Posti Shipping (versions
HTML Injection
org.openrefine, openrefine is vulnerable to HTML injection. The vulnerability is due to improper handling of error messages, which fails to escape HTML tags in exception messages and tracebacks, allowing an attacker to inject malicious HTML when a specific error is triggered...
HCL Sametime security vulnerability
HCL Sametime is a conferencing solution from HCL Corporation, USA. A security vulnerability exists in HCL Sametime that stems from being affected by an error message containing sensitive information...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 283 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regula...