21 matches found
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that enables attackers to inject scripts via the icinga.min.js file by exploiting EventListener.handleEvent. This can lead to session hijacking and non-persistent phishing attacks. The issue is described across multiple s...
CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...
CVE-2023-21048
In handleEvent of nan.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
VulnCheck KEV: CVE-2022-25322
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...
CVE-2022-25322
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...
CVE-2022-25322
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...
Sql injection
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection...
PT-2022-17211
Name of the Vulnerable Software and Affected Versions ZEROF Web Server version 2.0 Description The issue allows for SQL Injection via the /HandleEvent endpoint. Recommendations For ZEROF Web Server version 2.0, consider restricting access to the /HandleEvent endpoint until a patch is available...
ZEROF Web Server SQL注入漏洞
ZEROF Web Server is an open source Web framework that simplifies modern Web development . It allows you to build applications without having to worry about package management or routing. ZEROF Web Server has a SQL injection vulnerability that allows HandleEvent SQL injection...
CVE-2021-30175
ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page...
Sql injection
ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page...
CVE-2021-30175
ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page...
CVE-2021-30175
The vulnerability CVE-2021-30175 affects ZEROF Web Server 1.0 (April 2021), where an SQL Injection is possible via the /HandleEvent endpoint on the login page. The Nuclei template and CIRCL/nvd entries confirm that this is an injection in the login handling path (CWE-89) with potential for arbitr...
Google Chrome Denial of Service Vulnerability (CNVD-2019-40126)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in the 'WebKit::WebPluginContainerImpl::handleEvent' function in Google Chrome. An attacker can exploit this vulnerability to cause a denial of service crash with the help of the htmlpluginelement.cpp...
CVE-2011-1459
The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service crash via the htmlpluginelement.cpp plugin...
CVE-2011-1459
The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service crash via the htmlpluginelement.cpp plugin...
Apple WebKit Safari 10.0.3(12602.4.8) - Editor::Command::execute Universal Cross-Site Scripting
Apple WebKit Safari 10.0.312602.4.8 - Editor::Command::execute Universal Cross-Site Scripting document-updateLayoutIgnorePendingStylesheets; return mcommand-executemframe, triggeringEvent, msource, parameter; This method is invoked under an |EventQueueScope|. But...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2013) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...