3 matches found
Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
Overview: Craft CMS is vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...
ROS-20250812-01
A vulnerability in the Guzzle HTTP client library for the PHP programming language is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. Vulnerability i...
A vulnerability in the Guzzle HTTP client library for the PHP programming language, related to authentication errors, allows attackers to disclose protected sensitive information.
A vulnerability in the Guzzle HTTP client library for the PHP programming language is related to authentication errors. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the library...