23 matches found
GHSA-JGCF-RF45-2F8V Silverstripe Assets Module has a DBFile::getURL() permission bypass
Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...
Incorrect Authorization
Overview silverstripe/assets is the assets module, a required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
EUVD-2019-2234
Malware in sbrugna...
Malicious code in ez-get-url-params (npm)
MAL-2024-2353 Malicious code in ez-get-url-params (npm)
PT-2023-19474 · Mlecms · Mlecms
Name of the Vulnerable Software and Affected Versions: MLECMS version 3.0 Description: A critical issue affects the get_url function in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to SQL injection. The...
WordPress Get URL Cron Plugin <= 1.4.7 is vulnerable to Broken Access Control
Software: Get URL Cron · Type: Plugin · Vulnerable versions: <= 1.4.7 · Fixed in: 1.4.8 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: N/A · Patch priority: High · CVSS severity: High 7.5 · PSID: ed2c1394cbbb · Credits: Rio Darmawan · Required privilege...
SUSE CVE-2021-44540
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing the memory of the compiled pattern spec before bailing...
Gitea XSS Vulnerability
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...
ALPINE-CVE-2021-44540
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing the memory of the compiled pattern spec before bailing...
PT-2021-24127 · Privoxy +4 · Privoxy +4
Name of the Vulnerable Software and Affected Versions: Privoxy, affected versions not specified Description: A vulnerability was found in Privoxy, which was fixed by freeing the memory of the compiled pattern spec before bailing in the get_url_spec_param function. Recommendations: At the moment,...
CVE-2021-40728
Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...
Cross site scripting
The SAP Commerce Testweb Extension, versions 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting...
CVE-2019-10221
A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute...
CVE-2019-10771
Characters in the GET url path are not properly escaped and can be reflected in the server response...
Design/Logic Flaw
Characters in the GET url path are not properly escaped and can be reflected in the server response...
CVE-2019-1010261
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...
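The Gitea entry above (go-get URL generation) and the SAP Commerce, pki-ca and CVE-2019-10771 entries all describe the same failure: a value taken from the request URL is written into an HTML response without escaping for the context it lands in. The following is an added illustration of that pattern, written for this page and not taken from Gitea or any of the other projects listed. It renders the `<meta name="go-import">` tag that `go get` looks for, once by string concatenation and once through `html/template`, and uses a constructed repository path containing a closing quote and a script element. The function and type names (`unsafeGoImportMeta`, `safeGoImportMeta`, `ContainsRawScript`, `goImport`) are assumptions for the example, not identifiers from any of the advisories.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// goImport carries the two untrusted values that end up in the go-import tag.
// In a real server both would be derived from the request path and the
// repository's clone address; here they are constructed inputs.
type goImport struct {
	ImportPath string
	CloneURL   string
}

// goImportTmpl renders the <meta name="go-import"> tag through html/template.
// The template engine knows it is inside an attribute value and applies
// attribute-context escaping to every interpolated field.
var goImportTmpl = template.Must(template.New("go-import").Parse(
	`<meta name="go-import" content="{{.ImportPath}} git {{.CloneURL}}">`))

// unsafeGoImportMeta is the vulnerable pattern: request-derived strings are
// concatenated straight into markup, so a crafted import path can close the
// content attribute and inject its own elements.
func unsafeGoImportMeta(importPath, cloneURL string) string {
	return fmt.Sprintf(`<meta name="go-import" content="%s git %s">`, importPath, cloneURL)
}

// safeGoImportMeta renders the same tag via html/template, which turns
// `"`, `<` and `>` into character references so the payload stays inert text.
func safeGoImportMeta(importPath, cloneURL string) (string, error) {
	var buf bytes.Buffer
	if err := goImportTmpl.Execute(&buf, goImport{ImportPath: importPath, CloneURL: cloneURL}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// ContainsRawScript reports whether rendered markup still carries an
// unescaped <script element, i.e. whether the injected payload survived.
func ContainsRawScript(markup string) bool {
	return strings.Contains(strings.ToLower(markup), "<script")
}

func main() {
	// Constructed attacker-controlled import path, as it would arrive via a
	// specially crafted link: it closes the content attribute, drops in a
	// script element, and opens a dummy attribute to swallow the trailing quote.
	evil := `example.com/user/repo"><script>alert(1)</script><meta x="`
	clone := "https://example.com/user/repo.git"

	fmt.Println("unsafe:", unsafeGoImportMeta(evil, clone))
	safe, err := safeGoImportMeta(evil, clone)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
}
```

Running it prints the concatenated tag with a live `<script>` element, while the templated tag contains `&#34;&gt;&lt;script&gt;` and parses as a single meta element with a long, harmless content attribute. The check to carry into a code review is simply which of the two shapes a handler uses for any value that originates in the URL.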
Full-Access Token Leakage
github.com/minio/minio is vulnerable to full-access token leakage. The vulnerability exists because the full-access token is visible in the GET URL of a download request...
langrenn.njaard.no XSS vulnerability
Vulnerable URL: http://langrenn.njaard.no/Sponsor/get?placeHolder=5=200000195=1896=0=0=prompt/OPENBUGBOUNTY/...