8 matches found
CVE-2025-71385
Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...
EUVD-2025-210409
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...
CVE-2025-71385
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...
iLove - Free Dating & Chat App - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application iLove - Free Dating & Chat App published at the 'play' market has multiple vulnerabilities...
CVE-2014-5649
The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5649
The CVE-2014-5649 entry concerns the iLove - Free Dating & Chat App (com.jestadigital.android.ilove) for Android, version 1.3.3, where the app does not verify X.509 certificates from SSL servers. This behaves as a certificate validation flaw that can let man-in-the-middle attackers spoof servers ...
CVE-2014-5649
The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...