23 matches found

EUVD
added 2026/05/11 6:31 p.m., 13 views

EUVD-2026-29179

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

CVSS 5.1, AI score 6, EPSS 0.00266
Exploits 0, References 3

NVD
added 2026/05/11 6:16 p.m., 25 views

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

CVSS 5.1, EPSS 0.00266
Exploits 0, References 2

RedhatCVE
added 2025/05/23 3:34 a.m., 7 views

CVE-2023-27905

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting...

CVSS 9.6, AI score 5.9, EPSS 0.01541
Exploits 0, References 1

RedhatCVE
added 2025/05/23 12:55 a.m., 12 views

CVE-2022-3188

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users...

CVSS 5.3, AI score 7.1, EPSS 0.00516
Exploits 0, References 1

RedHat Linux
added 2025/02/12 12:11 a.m., 3 views

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using `web.static(..., showindex=True)`, the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

CVSS 6.1, AI score 5.6, EPSS 0.00666
Exploits 0, References 4

SUSE Linux
added 2024/12/20 12:02 p.m., 2 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. bsc1223098 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

CVSS 6.1, AI score 6.9, EPSS 0.00666
Exploits 0, References 4

Mageia
added 2024/06/24 7:04 p.m., 44 views

Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 6, EPSS 0.00666
Exploits 0, References 2

Tenable Nessus
added 2024/04/26 12:00 a.m., 89 views

aioHTTP < 3.9.4 XSS

The version of aioHTTP installed on the remote host is prior to 3.9.4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This...

CVSS 6.1, AI score 7.1, EPSS 0.00666
Exploits 0, References 2

SUSE CVE
added 2024/04/19 2:18 a.m., 3 views

SUSE CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 8.2, EPSS 0.00666
Exploits 0, References 5

OSV
added 2024/04/18 3:15 p.m., 8 views

AZL-43357 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 6.7, EPSS 0.00666
Exploits 0, References 1

OSV
added 2024/04/18 3:15 p.m., 2 views

UBUNTU-CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 6.8, EPSS 0.00666
Exploits 0, References 7

Vulnrichment
added 2024/04/18 2:23 p.m., 37 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 5.8, EPSS 0.00666
Exploits 0, References 6

Cvelist
added 2024/04/18 2:23 p.m., 33 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 6.1, EPSS 0.00666
Exploits 0, References 6

Debian CVE
added 2024/04/18 2:23 p.m., 23 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS 6.1, AI score 6.2, EPSS 0.00666
Exploits 0

Github Security Blog
added 2024/04/18 1:45 p.m., 57 views

aiohttp Cross-site Scripting vulnerability on index pages for static file handling

Summary: An XSS vulnerability exists on index pages for static file handling. Details: When using `web.static(..., showindex=True)`, the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks...

CVSS 6.1, AI score 6.3, EPSS 0.00666
Exploits 0, References 10, Affected Software 1

Prion
added 2022/12/21 11:15 p.m., 18 views

Authentication flaw

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users...

CVSS 5, AI score 6.5, EPSS 0.00516
Exploits 0, References 1, Affected Software 12

Vulnrichment
added 2022/12/21 10:30 p.m., 8 views

CVE-2022-3188

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users...

CVSS 5.3, AI score 7.4, EPSS 0.00516
Exploits 0, References 1

Cvelist
added 2022/12/21 10:30 p.m., 21 views

CVE-2022-3188

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users...

CVSS 5.3, AI score 5.7, EPSS 0.00516
Exploits 0, References 1

OSV
added 2021/10/18 7:04 p.m., 16 views

GHSA-H7VQ-5QGW-JWWQ CSV Injection Vulnerability

Impact In some circumstances, it was possible to export data in CSV format that could trigger a payload in old versions of Excel. If you are accepting user input from untrusted sources and will be exporting that data in CSV format from element index pages and there is a chance users will open tha...

CVSS 8.8, AI score 8.5, EPSS 0.01329
Exploits 0, References 6

Tenable Nessus
added 2016/04/22 12:00 a.m., 13 views

PostgreSQL 9.1 < 9.1.20 / 9.2 < 9.2.15 / 9.3 < 9.3.11 / 9.4 < 9.4.6 / 9.5 < 9.5.1 Multiple Vulnerabilities

Binary data 9264.prm...

CVSS 9.1, AI score 7.3, EPSS 0.06948
Exploits 0, References 10