9 matches found

Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-2631 · Ibm · Bigfix Patch Download Plug-Ins

The BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme, which could allow a malicious operator to attempt to download files using the file:// URI scheme. This issue is related to the handling of URI schemes in the plug-ins. An exploit could be used to take...

CVSS 2.5 · AI score 6.8 · EPSS 0.00105
Exploits: 0 · References: 7
NVD
added 2022/03/01 3:15 p.m. · 11 views

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

CVSS 6.1 · EPSS 0.28486
Exploits: 4 · References: 4
Prion
added 2022/03/01 3:15 p.m. · 18 views

Cross site scripting

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

CVSS 4.3 · AI score 6.4 · EPSS 0.28486
Exploits: 4 · References: 4
CVE
added 2022/03/01 2:4 p.m. · 122 views

CVE-2021-46387

CVE-2021-46387 affects ZyXEL ZyWALL 2 Plus Internet Security Appliance. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insecure URI handling, enabling an attacker to execute arbitrary JavaScript in a user’s browser and potentially perform clipboard hijacking or session hijackin...

CVSS 6.1 · AI score 6.4 · EPSS 0.28486
Exploits: 4 · References: 4 · Affected Software: 1
Cvelist
added 2022/03/01 2:4 p.m. · 15 views

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

AI score 6.6 · EPSS 0.28486
Exploits: 4 · References: 4
Packet Storm
added 2017/05/10 12:0 a.m. · 66 views

Microsoft OneDrive iOS App 8.13 Insecure URI Scheme Handling

A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Insecure Handling Of URI Schemes product: Microsoft OneDrive iOS App vulnerable version: 8.13 fixed...

AI score 7.4
Exploits: 0
Hacker One
added 2016/11/09 11:34 p.m. · 21 views

Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)

Using plain git protocol git://domain is insecure as the server is not verified MITM attacker can return different content if last commit not checked against known one more information about this issue Protocols to choose from when cloning: https://gist.github.com/grawity/4392747...

AI score 0.6
Exploits: 0
Gentoo Linux
added 2004/07/20 12:0 a.m. · 18 views

Opera: Multiple spoofing vulnerabilities

Background Opera is a multi-platform web browser. Description Opera fails to remove illegal characters from an URI of a link and to check that the target frame of a link belongs to the same website as the link. Opera also updates the address bar before loading a page. Additionally, Opera contains...

AI score 2.1
Exploits: 0
Exploit DB
added 2004/01/12 12:0 a.m. · 21 views

PHPGedView 2.5/2.6 - 'Relationship.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11906/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...

AI score 7
Exploits: 0