97 matches found

RedhatCVE
added 2025/05/23 8:15 a.m. · 3 views

CVE-2024-9147

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

CVSS 6.9 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:8 a.m. · 7 views

CVE-2023-38499

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...

CVSS 5.3 · AI score 6.6 · EPSS 0.0088
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 2:14 a.m. · 5 views

CVE-2023-25827

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

CVSS 8.2 · AI score 5.9 · EPSS 0.00904
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 10:42 p.m. · 5 views

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...

CVSS 5 · AI score 7 · EPSS 0.01685
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/16 4:4 p.m. · 10 views

CVE-2025-22373

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles. This issue affects BASEC: from 14 Dec 2021...

CVSS 8.7 · AI score 6 · EPSS 0.00392
Exploits: 0 · References: 5

OSV
added 2025/04/10 9:5 p.m. · 1 views

GHSA-RQ86-9M6R-CM3G SurrealDB has uncaught exception in Net module that leads to database crash

A vulnerability was found where an attacker can crash the database via crafting a HTTP query that returns a null byte. The problem relies on an uncaught exception in the net module, where the result of the query will be converted to JSON before showing as the HTTP response to the user in the /sql...

CVSS 7.1 · AI score 7.3
Exploits: 0 · References: 3

RedhatCVE
added 2025/02/06 3:12 a.m. · 8 views

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm; substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows t...

CVSS 10 · AI score 7.2 · EPSS 0.08656
Exploits: 2 · References: 1

NVD
added 2024/11/04 1:17 p.m. · 25 views

CVE-2024-9147

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

CVSS 6.9 · EPSS 0.00235
Exploits: 0 · References: 2

Cvelist
added 2024/11/04 12:37 p.m. · 18 views

CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

CVSS 6.9 · EPSS 0.00235
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/04 12:37 p.m. · 11 views

CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...

CVSS 6.9 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 2

CVE
added 2024/11/04 12:37 p.m. · 61 views

CVE-2024-9147

Summary: CVE-2024-9147 concerns a Basic XSS in Bna Informatics PosPratik prior to v3.2.1 due to improper neutralization of script-related HTML tags in HTTP query strings. Affected product/version: PosPratik pre-3.2.1. Root cause: insufficient sanitization of user-supplied input in query strings l...

CVSS 6.9 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2024/10/28 11:43 a.m. · 7 views

Sensitive Information Exposure

pterodactyl/panel is vulnerable to Sensitive Information Exposure. The vulnerability is due to the insecure handling of passwords in HTTP query parameters, which are logged in plain text when two-factor authentication is disabled. It can allow unauthorized access if an attacker gains access to...

CVSS 4.6 · AI score 6.8 · EPSS 0.0014
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/10/25 7:15 a.m. · 2 views

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVSS 6.1 · AI score 7.3
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/25 12:0 a.m. · 2 views

PT-2024-32820 · Sharp +1 · Sharp Mfps +1

Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL...

CVSS 7.4 · AI score 6.2 · EPSS 0.00338
Exploits: 0 · References: 7

OSV
added 2024/09/06 11:29 a.m. · 7 views

MAL-2024-11608 Malicious code in http-query (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f19b11d590534cc47f47b9fc60fae3affd054b1f5dc720dbbc17147cc7095653 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

AI score 7.4
Exploits: 0 · References: 1

Prion
added 2023/07/25 9:15 p.m. · 23 views

Code injection

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...

CVSS 5 · AI score 5.3 · EPSS 0.0088
Exploits: 0 · References: 3 · Affected Software: 1

Tenable Nessus
added 2023/07/25 12:0 a.m. · 21 views

TYPO3 9.4.0 < 9.5.42 ELTS / 10.0.0 < 10.4.39 ELTS / 11.0.0 < 11.5.30 / 12.0.0 < 12.4.4 (TYPO3-CORE-SA-2023-003)

The version of TYPO3 installed on the remote host is prior to 9.4.0 < 9.5.42 ELTS / 10.0.0 < 10.4.39 ELTS / 11.0.0 < 11.5.30 / 12.0.0 < 12.4.4. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-003 advisory. - In multi-site scenarios, enumerating the HTTP query...

CVSS 5.3 · AI score 5.7 · EPSS 0.0088
Exploits: 0 · References: 2

Veracode
added 2023/05/09 5:46 a.m. · 28 views

Command Injection

net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious code to execute on the OpenTSDB host system...

CVSS 9.8 · AI score 9.4 · EPSS 0.35604
Exploits: 4 · References: 5 · Affected Software: 1

Veracode
added 2023/05/09 2:22 a.m. · 16 views

Cross-site Scripting (XSS)

opentsdb is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the internalError and badRequest functions of HttpQuery.java, which allows an attacker to inject and execute malicious JavaScript through th...

CVSS 8.2 · AI score 6 · EPSS 0.00904
Exploits: 0 · References: 6 · Affected Software: 1

Github Security Blog
added 2023/05/03 9:30 p.m. · 37 views

Command injection in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

CVSS 9.8 · AI score 9.6 · EPSS 0.35604
Exploits: 4 · References: 5 · Affected Software: 1