CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
Generex CS141 Cross-Site Scripting Vulnerability
The Generex CS141 is a series of Ethernet adapters from the German company Generex. A cross-site scripting vulnerability exists in Generex CS141 versions prior to 2.06, which stems from allowing the upload of files containing HTML content...
WebCatalog Security Vulnerabilities
WebCatalog is a desktop application from WebCatalog, Inc. that improves workflow and increases productivity. A security vulnerability exists in WebCatalog versions prior to 49.0 that stems from not validating whether a URL is used for an http or https resource...
The vulnerability of the Input component in the Google Chrome browser allows an attacker to spoof the user interface.
The vulnerability of the Input component in the Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to spoof the user interface with a specially crafted HTML page...
The vulnerability in the firmware of the D-LINK DIR-806 wireless router is related to insufficient sanitization of data at the command level, allowing attackers to execute arbitrary commands.
The vulnerability in the firmware of the D-LINK DIR-806 wireless router is related to insufficient sanitization of data at the command level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the HTTPST parameter...
The vulnerability of the OpenEMR software for managing medical organizations, related to authentication errors, allows an intruder to perform HTML injection.
The vulnerability of the OpenEMR software for managing medical organizations is related to authentication errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform HTML injection attacks...
The vulnerability of user tabs in Google Chrome allows an attacker to bypass existing security restrictions.
The vulnerability of user tabs in Google Chrome is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially crafted HTML page...
SUSE CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
The vulnerability of the Qlik Sense Enterprise data analysis platform, related to deficiencies in HTTP request processing, allows attackers to escalate their privileges.
The vulnerability of the Qlik Sense Enterprise data analysis platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow remote attackers to escalate their privileges...
Tungstenite Security Vulnerability
Tungstenite is a library from Snapview GmbH. A security vulnerability exists in Tungstenite 0.20.0 and earlier versions that originates from allowing an attacker to cause a denial of service (DoS) via a lengthened HTTP header in the client handshake...
CVE-2022-1438
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability...
CVE-2023-39612
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...
DEBIAN-CVE-2023-38039
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...
DEBIAN-CVE-2023-4908
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2023-4909
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...
PT-2023-5489 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 117.0.5938.62 Description: The issue is related to an inappropriate implementation in Intents, allowing a remote attacker to obfuscate security UI via a crafted HTML page. This could potentially enab...
PT-2023-27901 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee versions prior to 3.29.2 Description: Tolgee is an open-source localization platform. Due to a lack of validation in the Org Name field, a bad actor can send emails with HTML injected code to victims. Registered users can inject HTML...
undertow: Server identity in https connection is not checked by the undertow client
A flaw was found in undertow. The undertow client does not check the server identity that the server certificate presents in HTTPS connections. This is a mandatory step that should at least be performed by default in HTTPS and in HTTP/2...
Google Chrome Security Vulnerability
Google Chrome is a web browser from the American company Google. A security vulnerability exists in Google Chrome versions prior to 116.0.5845.179. An attacker can exploit the vulnerability to execute arbitrary code via specially crafted HTML pages...
CVE-2023-41637
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...