37 matches found
CVE-2020-11053
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is check...
Cross-site Scripting (XSS)
@braintree/sanitize-url is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize html encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...
PT-2020-12514 · OAuth2 Proxy
Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 5.1.1 Description: The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirec...
Cross-site Scripting (XSS)
dolibarr is vulnerable to cross-site scripting XSS. The attack exists because it does not properly HTML-encode the $_SERVER["HTTP_REFERER"] argument before output, allowing an attacker to inject and execute malicious script...
Cross-Site Scripting (XSS)
com.liferay.expando.web is vulnerable to cross-site scripting. The modelResource parameter is not HTML encoded before being displayed on a user's browser, which allows remote attackers to inject arbitrary Javascript into the victim's browser to steal session tokens or perform unwanted actions on...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting XSS. The facebookadminids parameter under the application's private settings is not validated and HTML encoded before being displayed on a user's browser, allowing a remote attacker to inject arbitrary Javascript into the victim's browser...
Cross-Site Scripting (XSS)
github.com/go-gitea/gitea is vulnerable to cross-site scripting XSS. The avatar URL is not HTML encoded when initCommentForm creates its elements. This allows a remote attacker to inject arbitrary Javascript into a victim's browser using a malformed avatar URL to steal session tokens or perform...
Cross-Site Scripting (XSS)
resque is vulnerable to cross-site scripting. User input is not HTML encoded in lib/resque/server/views/queues.erb before displaying on a user's browser, which would allow remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions o...
Signal Desktop HTML Injection
Title: HTML tag injection in Signal-desktop Date Published: 14-05-2018 CVE Name: CVE-2018-10994 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone desktop version of the secure Signal...
Cross site scripting
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script...
CVE-2017-15360
CVE-2017-15360 affects PRTG Network Monitor version 17.3.33.2830, where stored Cross-Site Scripting is possible in all created group names due to incorrect HTML-encoded script error handling. The connected documents confirm the vulnerability description but do not provide concrete remediation det...
Cross-Site Scripting (XSS)
drupal is vulnerable to cross-site scripting XSS attacks. Since the filterXss function does not filter HTML-encoded data attributes, it allows attackers to inject and execute malicious web script through it...
Synology Photo Station 6.2-2858 Cross Site Scripting
Synology Photo Station multiple Cross-Site Scripting vulnerabilities. Han Sahin, May 2015...
Microsoft MSN Messenger 1-4 Malformed Invite Request Denial of Service
No description provided by source. source: http://www.securityfocus.com/bid/4827/info Microsoft's MSN Messenger is an instant messaging client for Windows-based machines, based on the Passport system. A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, ...
Reflected cross-site scripting (XSS) in dosearchsite action
The dosearchsite action is vulnerable to reflected cross-site scripting XSS via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318 and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46719. Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...