3 matches found
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when rendering pages in pages/actionscomponent.html.erb. A user can embed scripts in a page title via the pageencontentattributes0title parameter. PoC '" Details Cross-site scripting or XSS is a code vulnerabili...
Reflected Cross Site Scripting in OpenEMR 7.0.0 and below at backup
Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version Open Source electronic health records and medical practice management application has Reflected Cross Site Scripting vulnerability in the formstatus parameter...