157 matches found
Design/Logic Flaw
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
CVE-2022-34178
Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability...
PT-2022-22045 · Jenkins · Jenkins Embeddable Build Status Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Embeddable Build Status Plugin version 2.0.3 Description: The issue allows specifying a link query parameter for build status badges without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2021-39020
IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...
CVE-2021-44662
A Site Scripting XSS vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php...
CVE-2021-38361
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the /htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1...
Cross site scripting
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the /htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1...
PT-2021-22525 · WordPress · Zoomsounds
Name of the Vulnerable Software and Affected Versions: Zoomsounds plugin versions = 6.45 for WordPress Description: The issue allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap download action using directory traversal in the link...
Cisco Webex Meetings 输入验证错误漏洞
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An open redirect vulnerability exists in the Web management interface of Cisco Webex Meetings. The vulnerability stems from improper validation of the input of URL parameters in an HTTP request. An attacker could explo...
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
CVE-2020-17386
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system...
The vulnerability of the automated information system “Web-Torghi KS” arises from the lack of measures taken to protect the website structure. This allows attackers to obtain users’ access passwords for the AIIS.
The vulnerability of the automated information system “Web-Torghi KS” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain users’ access passwords for the AIIS by changing the...
Cross site scripting
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter...
CVE-2018-18673
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...
CVE-2018-18673
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...
Code injection
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...
CVE-2018-18673
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...
PT-2019-9619 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...
MiniCMS Cross-Site Scripting Vulnerability
MiniCMS is a mini content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.10. A remote attacker can exploit this vulnerability by sending the 'sitelink' parameter to the mc-admin/conf.php file to execute commands...
CVE-2017-0370
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter...