
106 matches found

Friends Of PHP
added 2018/01/22 8:41 a.m. | 14 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

7.5 CVSS | 7.2 AI score | 0.01012 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2017/10/30 12:0 a.m. | 1 views

Pallets Flask Pallets Werkzeug Cross Site Scripting Vulnerability

Pallets Flask is a Python-based web application development tool from the Pallets project. Pallets Werkzeug is one of the WSGI toolkits. A cross-site scripting vulnerability exists in the 'render_full' function of the debug/tbtools.py file of the debugger for Pallets Flask and other products used i...

6.1 CVSS | 5.9 AI score | 0.00411 EPSS
Exploits: 0 | References: 1

OSV
added 2017/10/23 4:29 p.m. | 1 views

DEBIAN-CVE-2016-10516

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

6.1 CVSS | 6 AI score | 0.00411 EPSS
Exploits: 0 | References: 1

Veracode
added 2017/09/15 8:56 a.m. | 5 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because exception messages are not encoded to prevent XSS attacks...

5.3 AI score
Exploits: 0

Veracode
added 2017/06/07 8:30 a.m. | 19 views

Information Disclosure

Moodle is susceptible to information disclosure. Attackers can obtain absolute paths by sending invalid requests and reading the exception messages...

5 CVSS | 5.6 AI score | 0.00351 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2017/06/02 12:13 a.m. | 19 views

Cross-site Scripting (XSS)

Smarty (aka smarty-php) is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because it does not properly handle the exception messages in the SmartyException class...

4.3 CVSS | 5.2 AI score | 0.0057 EPSS
Exploits: 0 | References: 13 | Affected Software: 1

CNVD
added 2017/04/11 12:0 a.m. | 1 views

Nextcloud Information Disclosure Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An information disclosure vulnerability exists in Nextcloud Server versions prior to 9.0.55 and 10.0.2. The vulnerabili...

4.3 CVSS | 6.3 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

Prion
added 2017/03/28 2:59 a.m. | 15 views

Cross site scripting

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message,...

4.3 CVSS | 6 AI score | 0.00458 EPSS
Exploits: 1 | References: 6 | Affected Software: 2

Nextcloud
added 2017/02/05 12:0 a.m. | 23 views

Error message discloses existence of file in write-only share (NC-SA-2017-003)

Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages...

4 CVSS | 2.3 AI score | 0.00211 EPSS
Exploits: 0 | Affected Software: 1

OwnCloud
added 2016/11/10 11:59 a.m. | 498 views

Server: Reflected XSS in Gallery application

The gallery app was not properly sanitizing exception messages from the ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. For more information please consult the official advisory. This advisory is...

6.5 AI score
Exploits: 0 | Affected Software: 1

CNVD
added 2016/10/24 12:0 a.m. | 1 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2016-10262)

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a cross-site scripting vulnerability in Gallery due to Gallery failing to adequately handle exception messages. An attacker can exploit this vulnerability to...

5.8 AI score
Exploits: 0 | References: 1

CNVD
added 2016/01/12 12:0 a.m. | 2 views

ownCloud Server Information Disclosure Vulnerability (CNVD-2016-00190)

OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud, which provides file management, music storage, calendaring, etc. OwnCloud Server is a server version. A security vulnerability exists in ownCloud Server versions prior to 8.0.9 and 8.1.4 prior to 8.1....

4.3 CVSS | 6.7 AI score | 0.00166 EPSS
Exploits: 0 | References: 1

OSV
added 2016/01/08 9:59 p.m. | 3 views

CVE-2016-1501

ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages...

4.3 CVSS | 4.2 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2016/01/08 9:59 p.m. | 13 views

CVE-2016-1501

ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages...

4.3 CVSS | 5.8 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

NVD
added 2015/08/23 1:59 a.m. | 10 views

CVE-2015-6557

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...

2.1 CVSS | 6.1 AI score | 0.00049 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2015/08/23 1:59 a.m. | 2 views

CVE-2015-4949

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...

2.1 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 4

Prion
added 2015/08/23 1:59 a.m. | 12 views

Design/Logic Flaw

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...

2.1 CVSS | 6.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Prion
added 2015/08/23 1:59 a.m. | 12 views

Design/Logic Flaw

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception...

2.1 CVSS | 6.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 3 | Affected Software: 3

Cvelist
added 2015/08/23 1:0 a.m. | 14 views

CVE-2015-6557

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before...

6.1 AI score | 0.00049 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2013/09/21 12:0 a.m. | 25 views

Fedora 18 : mediawiki-1.19.8-1.fc18 (2013-15994)

SECURITY: Sanitize ResourceLoader exception messages - SECURITY: Token-getting functions will fail when using jsonp callbacks. - SECURITY: Fix extension detection with 2 .'s - Allow a string other than '' as condition for DatabaseBase::delete - Purge upstream caches when deleting file assets. -...

6.1 CVSS | 6.1 AI score | 0.00713 EPSS
Exploits: 2 | References: 5