11 matches found
EUVD-2022-6113
Malicious code in bioql PyPI...
Deserialization Of Untrusted Data
org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the filterSensitive function in MySQLSinkDTO.java not properly sanitizing whitespace characters, especially the horizontal tab \t, in URL parameters, which allows these characters to bypass...
Open Redirect
apacheairflow is vulnerable to open redirect. The vulnerability exists because the getsafeurl function in views.py improperly sanitizes headers, leading to an open redirect in the webserver's /confirm endpoint...
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML...
CVE-2021-33295
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML...
CVE-2021-33295
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML...
CVE-2021-33295
Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML...
Cross-site Scripting (XSS)
ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists in include.php due to improper sanitizing of user inputs, which allows an attacker to insert and execute arbitrary JavaScript...
KLA11089 XSS vulnerability in Microsoft Sharepoint Server
An XSS (cross-site scripting) vulnerability related to improper sanitizing of web requests was found in Microsoft SharePoint Server. By exploiting this vulnerability, malicious users can spoof the user interface. This vulnerability can be exploited remotely via a specially designed web request...
Microsoft Lync and Skype for Business Security Bypass (MS15-123: CVE-2015-6061)
A security bypass vulnerability exists in Skype for Business and Lync Servers. The vulnerability is due to improper sanitizing of specially crafted content. A remote attacker could trigger this flaw by convincing a victim to open an instant message session and then send that user a message...
Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit...