CVE-2026-23738

CVE-2026-23738 affects Asterisk; prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user-supplied cookie/GET parameter values are echoed into the HTML of the /httpstatus page without escaping, enabling reflected XSS. The issue is mitigated by upgrading to the patched series (20.7...

hadoop-jobtracker-info NSE Script

Retrieves information from an Apache Hadoop JobTracker HTTP status page. Information gathered: State of the JobTracker. Date/time the service was started Hadoop version Hadoop Compile date JobTracker ID Log directory relative to Associated TaskTrackers Optionally also user activity history Script...

hbase-master-info NSE Script

Retrieves information from an Apache HBase Hadoop database master HTTP status page. Information gathered: Hbase version Hbase compile date Hbase root directory Hadoop version Hadoop compile date Average load Zookeeper quorum server Associated region servers Script Arguments slaxml.debug See the...

hadoop-tasktracker-info NSE Script

Retrieves information from an Apache Hadoop TaskTracker HTTP status page. Information gathered: Hadoop version Hadoop Compile date Log directory relative to Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size,...