Lucene search
K

8 matches found

CVE
CVE
added 3 days ago8 views

CVE-2025-71385

Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References5
hackapp
hackapp
added 2016/04/01 9:25 a.m.24 views

iLove - Free Dating & Chat App - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application iLove - Free Dating & Chat App published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 2014/09/09 1:55 a.m.13 views

CVE-2014-5649

The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00271EPSS
Exploits0References3
Prion
Prion
added 2014/09/09 1:55 a.m.10 views

Design/Logic Flaw

The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/09/09 1:0 a.m.34 views

CVE-2014-5649

The CVE-2014-5649 entry concerns the iLove - Free Dating & Chat App (com.jestadigital.android.ilove) for Android, version 1.3.3, where the app does not verify X.509 certificates from SSL servers. This behaves as a certificate validation flaw that can let man-in-the-middle attackers spoof servers ...

5.4CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/09 1:0 a.m.17 views

CVE-2014-5649

The iLove - Free Dating & Chat App aka com.jestadigital.android.ilove application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00271EPSS
Exploits0References3
Rows per page
Query Builder