Topcoder: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com
Hi, I found reflected XSS on https://apps.topcoder.com via error message. Payload: %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm Vulnerable link: https://apps.topcoder.com/wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert'XSS'%22%3E.vm Steps to reproduce: Create an account...
CVE-2020-7231
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...
CVE-2020-7231
CVE-2020-7231 affects Evoko Home 1.31 devices. The vulnerability is described as the login process returning different error messages depending on whether the username is valid, which can enable username enumeration (information disclosure) without details on exploited vectors, affected component...
Unable to Export the new configuration from the SD-WAN Center to the Change Management Inbox
Unable to Export the new configuration from the SD-WAN Center to the Change Management Inbox of MCN and displayed with following error message: Under SDWANCENTERmanagement.log, the following error message can be seen as shown in the below log snippet: Log Snippet: ========== 00000:097:509:112 INF...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the message and moreinfourl parameters in outputrenderers.php, allowing an attacker to inject malicious scripts and thereby causing the payload to be rendered and executed when the error...
Mail.ru: Ability to find out the name of the database table and its columns
Verbose errors were not disabled on api.iconjob.co. An attacker can learn the name of a database table and its columns from an error message. This can help implement other SQL injection type attacks...
Error: "Error getting status - Cannot find license file"
When the lmstat -a command is run from the command prompt on a computer with the Licensing software version 11.9 or later, the following error message is displayed: “Error getting status: Cannot find license file:” The preceding error message appears even after setting the location of the license...
Information Exposure
Overview: Versions of type-graphql prior to 0.17.6 are vulnerable to Information Exposure. The package leaks the resolver source code in an error message. It is possible to force this error when no subscription topics are provided in the request. Recommendation: Upgrade to version 0.17.6 or later...
Debian DLA-2038-2 : x2goclient regression update
A change introduced in libssh 0.6.3-4+deb8u4 which got released as DLA 2038-1 has broken x2goclient's way of scp'ing session setup files from client to server, resulting in an error message shown in a GUI error dialog box during session startup and session resuming. For Debian 8 'Jessie', this...
XML External Entity (XXE) Injection Payload List
An XML External Entity (XXE) attack, sometimes called an XXE injection attack, is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access local and remote content and services. XXE can be...
Cross-Site Scripting (XSS)
Zope 2 is vulnerable to cross-site scripting (XSS). The vulnerability is due to an incomplete fix of CVE-2010-1104, which fails to sanitize the default standard error message errormessage parameter, allowing an attacker to inject an arbitrary script through it...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...
Design/Logic Flaw
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message...
CVE-2013-6879
The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message...
CVE-2019-4570
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720...
Information disclosure
IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 166720...
Error: No Product Licenses Found on the License Server for the Selected Model
When configuring XenApp 6.5, the following error message is displayed: “No product licenses found on the license server for the selected model”...
CVE-2010-4659
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents...
Cross site scripting
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents...