3856 matches found
CVE-2010-4659
StatusNet (open-source PHP-based micro-blogging platform) contains a cross-site scripting (XSS) vulnerability in error message contents up through 2010. The root cause is insufficient validation of client-side data by the web application, enabling an attacker to execute client-side code via craft...
Cross-Site Scripting (XSS)
KairosDB is vulnerable to cross-site scripting (XSS). The vulnerability exists because the value of message is not sanitized when it is displayed after an error has occurred...
KairosDB Cross-Site Scripting Vulnerability
KairosDB is a high-speed distributed scalable temporal database based on Cassandra. A cross-site scripting vulnerability exists in view.html in KairosDB 1.2.2 and earlier versions. The vulnerability stems from the showErrorMessage in js/graph.js, and can be exploited via view.html with the...
CVE-2019-19040
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":"value":"...
PT-2019-15766 · Kairosdb · Kairosdb
Name of the Vulnerable Software and Affected Versions: KairosDB versions prior to 1.2.3 Description: The issue concerns an XSS vulnerability in the view.html file due to the showErrorMessage function in js/graph.js. This can be exploited by including a specific substring, such as...
OS Layer Finalize fails with error "It looks like the packaging Machine has never been powered on".
While finalizing an OS layer edit in the App Layering appliance, you receive an error, "It looks like the packaging Machine has never been powered on." You can see the following error in the ELM logs: 2019-11-01 09:53:36,890 ERROR 27 CpTaskResultMessag: Got Error type GlobalizedError. FailureReason: It looks...
Code injection
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...
CVE-2019-6122
CVE-2019-6122 is a vulnerability in NiceHash Miner prior to 2.0.3.0 causing user enumeration through separate error messages: submitting a non-existent email triggers “EMAIL DOES NOT EXIST,” while valid emails with incorrect credentials yield a different error. This behavioral difference enables ...
CVE-2019-6122
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...
CPDoS Poisoning Attack
On October 22, 2019, a new method of web cache poisoning, called CPDoS or Cache Poisoned Denial of Service, was announced by researchers, Hoai Viet Nguyen and Luigi Lo Iacono. Targeting content delivery networks and other caching systems, the attack works by using a malicious header in the HTTP...
CVE-2019-4512
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554...
Information disclosure
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554...
CVE-2019-4512
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554...
Description of the security update for SharePoint Server 2019: October 8, 2019
Description of the security update for SharePoint Server 2019: October 8, 2019 Summary This security update resolves an elevation of privilege vulnerability that exists in Microsoft SharePoint. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1330...
CVE-2009-0842
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...
Unable to unlock iOS or iPadOS devices via Administration Console after upgrading to 13.1
Unable to unlock iPhone/iPad from Citrix Endpoint Management administration console after upgrading to iOS/iPadOS 13.1+. Note: No error message is displayed when command fails. The device ignores the command...
CVE-2019-12156
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...
Cross site scripting
Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules...
Cross site scripting
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message...
CVE-2019-11662
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message...