65 matches found
CVE-2024-28739
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...
SUSE CVE-2014-0081
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
CVE-2022-37240
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...
Alt-N MDaemon 注入漏洞
Alt-N MDaemon is a mail service system from Alt-N Corporation that provides complete mail server functionality, protects users from spam, enables web login to send and receive emails, supports remote management, and protects the system against email viruses when used in conjunction with the MDaem...
PT-2022-23884 · Mdaemon Technologies · Mdaemon Technologies Securitygateway For Email Servers
Name of the Vulnerable Software and Affected Versions: MDaemon Technologies SecurityGateway for Email Servers version 8.5.2 Description: The issue concerns HTTP Response splitting, which occurs via the format parameter. This allows for potential manipulation of HTTP responses. Recommendations: Fo...
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0 a version released in 2012 allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2021-23879 · Atmail · Atmail
Name of the Vulnerable Software and Affected Versions: Atmail version 6.5.0 Description: The issue affects the WebAdmin Control Panel, allowing XSS via the format parameter to the default URI. This problem only affects products that are no longer supported by the maintainer. Recommendations: For...
CVE-2021-41323
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter...
Abstrium Pydio Cells 路径遍历漏洞
Abstrium Pydio Cells is a next-generation file sharing platform developed in the Go language by Abstrium France. A path traversal vulnerability exists in Pydio Cells 2.2.9, which allows a remote authenticated user to overwrite personal files or Cells files belonging to any user via the format...
CVE-2021-23398
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...
Eclipse BIRT Cross-Site Scripting Vulnerability
Eclipse BIRT is the Eclipse Foundation's set of rich client applications and Web applications for reporting and business intelligence capabilities of open source software . A cross-site scripting vulnerability exists in the 'format' parameter of the Report Viewer in Eclipse BIRT versions 1.0...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
GHSA-F599-5M7P-HCPF grape subject to Cross-site Scripting
The grape rubygem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
ruby-grape ruby gem cross-site scripting vulnerability
ruby-grape ruby gem is a framework for creating class REST APIs in Ruby. A cross-site scripting vulnerability exists in the ruby-grape ruby gem. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'format' parameter...
CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
UBUNTU-CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
DEBIAN-CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...