CVE-2022-3073

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser...

CVE-2024-52887 Self-XSS

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...

CVE-2017-7678

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

PHP: Bypass safe_mode and inject ASCII control chars with mail()

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: PHP Version: 4.x up to 4.2.2 Vendor: http://www.php.net/ Author: Wojciech Purczynski [email protected] Date: June 13, 2002 Updated: August 23, 2002 Released: August 21, 2002 Issue: ====== Two vulnerabilities exists in mail PHP function. The first...