4 matches found
CVE-2023-25827
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
Cross site scripting
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...
Fedora 28 : php-symfony (2018-9b54497b6e)
2.8.44 2018-08-01 - security cve-2018-14774 HttpKernel fix trusted headers management in HttpCache and InlineFragmentRenderer nicolas-grekas - security cve-2018-14773 HttpFoundation Remove support for legacy and risky HTTP headers nicolas-grekas - bug 28003 HttpKernel Fixes invalid REMOTEADDR in...
CVE-2018-14773: Remove support for legacy and risky HTTP headers
More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...