Lucene search

16589 matches found

Vulnrichment
added 2024/11/18 12:00 a.m. · 10 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVSS 5.4 · AI score 6.2 · EPSS 0.00343
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/18 12:00 a.m. · 5 views

PT-2024-13840 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.1.x through 4.1.16 Mastodon versions 4.2.x through 4.2.8 Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...

CVSS 7.5 · AI score 6.2 · EPSS 0.00458
Exploits: 0 · References: 10

CVE
added 2024/11/18 12:00 a.m. · 66 views

CVE-2024-52943

The connected sources provide concrete details for CVE-2024-52943: Veritas Enterprise Vault (pre-15.1 UPD882911) has an issue in the HTMLView endpoint where an authenticated remote attacker can inject a parameter into an HTTP request, causing Cross-Site Scripting (XSS) when viewing archived conte...

CVSS 5.4 · AI score 5.9 · EPSS 0.01076
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/11/18 12:00 a.m. · 43 views

CVE-2024-52941

CVE-2024-52941 affects Veritas Enterprise Vault prior to 15.1 UPD882911. An authenticated remote attacker can inject a parameter into an HTTP request, enabling Cross-Site Scripting (XSS) when viewing archived content. The root cause is a lack of input sanitization in the affected flow (notably me...

CVSS 5.4 · AI score 5.9 · EPSS 0.00335
Exploits: 0 · References: 1

Oracle Linux
added 2024/11/18 12:00 a.m. · 280 views

libsoup security update

2.72.0-8.el95.2 - Backport upstream patch for CVE-2024-52532 - infinite loop while reading websocket data - Resolves: RHEL-67068 2.72.0-8.el95.1 - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Resolves: RHEL-67080...

CVSS 7.5 · AI score 7 · EPSS 0.00933
Exploits: 1

Cvelist
added 2024/11/18 12:00 a.m. · 13 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user...

CVSS 5.4 · EPSS 0.01076
Exploits: 0 · References: 1

Cvelist
added 2024/11/18 12:00 a.m. · 37 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

EPSS 0.00458
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/18 12:00 a.m. · 7 views

PT-2024-8690

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.10.11 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...

CVSS 7.5 · AI score 7.1 · EPSS 0.00576
Exploits: 0 · References: 211

NVD
added 2024/11/15 4:15 p.m. · 13 views

CVE-2022-20634

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...

CVSS 6.1 · EPSS 0.00572
Exploits: 0 · References: 1

Cvelist
added 2024/11/15 4:02 p.m. · 24 views

CVE-2022-20634 Cisco Enterprise Chat and Email Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An...

CVSS 4.7 · EPSS 0.00572
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/15 12:00 a.m. · 3 views

PT-2024-8888

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. before 8.1.31 PHP versions 8.2. before 8.2.26 PHP versions 8.3. before 8.3.14 Description: The issue is related to the configuration of the request_fulluri option in PHP, which can lead to HTTP request smuggling when using...

CVSS 9.8 · AI score 7.8 · EPSS 0.02286
Exploits: 11 · References: 113

NVD
added 2024/11/14 6:15 p.m. · 7 views

CVE-2024-48284

A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request...

CVSS 5.4 · EPSS 0.00458
Exploits: 1 · References: 1

IBM Security Bulletins
added 2024/11/14 3:57 p.m. · 31 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...

CVSS 5.3 · AI score 6.6 · EPSS 0.01069
Exploits: 2 · Affected Software: 1

NVD
added 2024/11/14 2:15 p.m. · 31 views

CVE-2024-50841

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendarofevents.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the datestart, dateend, and title parameters...

CVSS 5.4 · EPSS 0.0038
Exploits: 1 · References: 1

OpenVAS
added 2024/11/14 12:00 a.m. · 24 views

Ubuntu: Security Advisory (USN-7106-1)

The remote host is missing an update for the...

CVSS 6.3 · AI score 7.4 · EPSS 0.05972
Exploits: 2 · References: 2

Cvelist
added 2024/11/14 12:00 a.m. · 15 views

CVE-2024-50839

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/addsubject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subjectcode and title parameters...

EPSS 0.0038
Exploits: 1 · References: 1

Cvelist
added 2024/11/14 12:00 a.m. · 16 views

CVE-2024-50842

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/schoolyear.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the schoolyear parameter...

EPSS 0.0038
Exploits: 1 · References: 1

Vulnrichment
added 2024/11/14 12:00 a.m. · 12 views

CVE-2024-48284

A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request...

AI score 6.4 · EPSS 0.00458
Exploits: 1 · References: 1

Cvelist
added 2024/11/14 12:00 a.m. · 13 views

CVE-2024-50841

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendarofevents.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the datestart, dateend, and title parameters...

EPSS 0.0038
Exploits: 1 · References: 1

Cvelist
added 2024/11/14 12:00 a.m. · 27 views

CVE-2024-50840

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the classname parameter...

EPSS 0.00407
Exploits: 1 · References: 1