
22 matches found

Github Security Blog | added 2025/10/21 6:02 p.m. | 3 views

Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice

Impact: This vulnerability allows malicious actors to force the application server to send HTTP requests to both external and internal servers. In certain cases, this may lead to access to internal resources such as databases, file systems, or other services that are not supposed to be directly...

AI score 7
Exploits 0 | References 3 | Affected software 2
EUVD | added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4664

Malware in sbrugna...

CVSS 6.1 | AI score 7.2 | EPSS 0.01238
Exploits 0 | References 4
EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-0989

Malware in sbrugna...

CVSS 4.3 | AI score 9.1 | EPSS 0.02184
Exploits 0 | References 59
CNNVD | added 2025/10/01 12:00 a.m. | 2 views

Deciso OPNsense Security Vulnerability

Deciso OPNsense is a firewall and router operating system from the Dutch company Deciso. A security vulnerability exists in Deciso OPNsense versions prior to 25.7.4 that stems from not cleaning up HTML-related characters in the ptpid parameter, which could lead to a stored cross-site scripting...

CVSS 5.1 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 2
OSV | added 2025/09/09 8:15 p.m. | 1 view

CVE-2025-34175

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

CVSS 6.1 | AI score 6.3
Exploits 0 | References 3
OSV | added 2024/10/09 11:15 p.m. | 8 views

CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

CVSS 6.1 | AI score 5.3
Exploits 0 | References 2
OSV | added 2024/10/09 11:15 p.m. | 0 views

UBUNTU-CVE-2024-48933

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...

CVSS 6.1 | AI score 5.8 | EPSS 0.00222
Exploits 0 | References 3
CNNVD | added 2024/10/09 12:00 a.m. | 3 views

LemonLDAP::NG Security Vulnerability

LemonLDAP::NG is an open source suite of web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG prior to version 2.19.3, which stems from a remote attacker being able to inject arbitrary web script or HTML into the login page via a...

CVSS 6.1 | AI score 6.3 | EPSS 0.00222
Exploits 0 | References 2
Prion | added 2023/07/10 4:15 p.m. | 15 views

Cross-site scripting

The WP-Optimize WordPress plugin before 3.2.13 and the SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

CVSS 5.8 | AI score 5.9 | EPSS 0.24225
Exploits 2 | References 1 | Affected software 2
Vulnrichment | added 2023/07/10 12:40 p.m. | 9 views

CVE-2023-1119 Multiple Plugins - Cross-Site Scripting From Third-party Library

The WP-Optimize WordPress plugin before 3.2.13 and the SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

AI score 6 | EPSS 0.24225
Exploits 2 | References 1
WPVulnDB | added 2023/06/19 12:00 a.m. | 20 views

Multiple Plugins - Cross-Site Scripting From Third-party Library

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. PoC: WP-Optimize - Reflected Cross-Site Scripting. 1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image". 2...

CVSS 6.1 | AI score 4.9 | EPSS 0.24225
Exploits 2 | Affected software 2
OSV | added 2021/08/03 3:15 p.m. | 9 views

CVE-2021-32772

Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allo...

CVSS 8.8 | AI score 7
Exploits 0 | References 4
OSV | added 2020/12/24 4:15 a.m. | 10 views

CVE-2020-35677

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the...

CVSS 4.8 | AI score 6.5
Exploits 0 | References 1
NVD | added 2020/12/24 4:15 a.m. | 7 views

CVE-2020-35677

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the...

CVSS 4.8 | AI score 5.1 | EPSS 0.0011
Exploits 0 | References 1
Packet Storm | added 2020/11/19 12:00 a.m. | 719 views

Sokrates SOWA SowaSQL Cross Site Scripting

Title: SOWA.OPAC Reflected Cross Site Scripting Vulnerability | Type: Cross Site Scripting (XSS) | Attack Type: Account Hijacking, Credential Theft, Data Leakage | Author: Marek Holka | Date: 2020-11-08 | Vendor: SOKRATES-software | Software Link: https://www.demo.sowwwa.pl/sowacgi.php | Version: SOWA.OPAC all...

AI score 0.2 | EPSS 0.0024
Exploits 2
Mageia | added 2016/05/29 1:55 p.m. | 34 views

Updated phpmyadmin package fixes CVE-2016-5099

In phpMyAdmin before 4.4.15.6, a specially crafted attack could allow special HTML characters to be passed as URL-encoded values and displayed back as special characters in the page (CVE-2016-5099)...

CVSS 6.1 | AI score 4.1 | EPSS 0.00493
Exploits 0 | References 4
phpMyAdmin | added 2016/05/25 12:00 a.m. | 31 views

Self XSS

PMASA-2016-16 | Announcement-ID: PMASA-2016-16 | Date: 2016-05-25 | Updated: 2016-05-26 | Summary: Self XSS | Description: A specially crafted attack could allow special HTML characters to be passed as URL-encoded values and displayed back as special characters in the page. Updated to include CVE ID...

CVSS 6.1 | AI score 6.5 | EPSS 0.00493
Exploits 0 | Affected software 1
seebug.org | added 2014/07/01 12:00 a.m. | 13 views

Vignette 4/5 Cross-Site Scripting Vulnerabilities

No description provided by source. Source: http://www.securityfocus.com/bid/7687/info. Vignette software has been reported to be prone to multiple cross-site scripting vulnerabilities. Reportedly the issue presents itself because the Vignette software does not sufficiently sanitize HTML characters from...

AI score 7.1
Exploits 0
myhack58 | added 2014/02/03 12:00 a.m. | 30 views

Hua Zhong system stored XSS vulnerability can easily take over the backend, affecting thousands of hosting service providers - vulnerability warning - Heiba Security Net (黑吧安全网)

Brief description: an XSS vulnerability was discovered in the Hua Zhong system, affecting thousands of hosting service providers. Detailed description: XSS vulnerabilities in Hua Zhong, WinIIS and Xingwai (星外) have been demonstrated many times and are presumably fixed by now. But the following Hua Zhong vulnerabilities, presumably ...

AI score 7.1
Exploits 0
myhack58 | added 2007/03/02 12:00 a.m. | 13 views

Solutions for image-script backdoors that give no echo - vulnerability warning - Heiba Security Net (黑吧安全网)

First of all, let us think about why the image backdoor gives no echo. The obvious reason: as you know, when we include the image, the interpreter treats the image as a text file, searching for and automatically parsing the <% %> or <? ?> script tags. So what about other HTML characters such...

AI score 0.1
Exploits 0