Cross site scripting
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does no...
CVE-2020-3460 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does no...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does no...
PT-2020-19718 · None · Uvicorn
Name of the Vulnerable Software and Affected Versions: Uvicorn versions prior to 0.11.7 Description: The issue allows attackers to exploit HTTP response splitting by adding arbitrary headers to HTTP responses or returning an arbitrary response body when crafted input is used to construct HTTP...
HTTP Header Injection
ceph is vulnerable to HTTP header injection. The vulnerability exists in radosgw through the CORS ExposeHeader tag...
ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...
RHEL 7 / 8 : Red Hat Ceph Storage 4.1 (RHSA-2020:3003)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3003 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
openSUSE Security Update : ceph (openSUSE-2020-898)
This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
SUSE SLES12 Security Update : ceph (SUSE-SU-2020:1748-1)
This is a version update for ceph to version 12.2.13. Security issue fixed: CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). Notable changes in this update for ceph: - mgr: telemetry: backported and now available on SES5.5. Please consider enabling via 'ceph...
SUSE-SU-2020:1511-2 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an...
Cross site scripting
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
CVE-2020-13423
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Currenturl or email field, or the User-Agent HTTP header...
OPENSUSE-SU-2020:0898-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for ceph (important)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2020:0898-1 Rating: important References: 1171921 Cross-References: CVE-2020-10753 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for ceph fixes...
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...
SUSE-SU-2020:1747-1 Security update for ceph
This update for ceph fixes the following issues: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921)...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled...