94 matches found
Groundhogg <= 2.7.9.8 - Privilege Escalation via CSRF
The plugin lacks CSRF protection when generating the auto login link through a shortcode, enabling attackers to manipulate the assigned user in the link...
SUSE CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...
SUSE CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2022-38482
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
CVE-2022-38482
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
Code injection
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
PT-2023-13610 · Mega · Mega Hopex
Name of the Vulnerable Software and Affected Versions: Mega HOPEX versions 15.2.0.6110 through V5CP4 Description: A link-manipulation issue was discovered. Recommendations: For Mega HOPEX versions 15.2.0.6110 through V5CP4, update to version V5CP4 or later to resolve the issue...
CVE-2022-38482
Mega HOPEX vulnerability CVE-2022-38482 affects versions 15.2.0.6110 through V5CP4, with a link-manipulation issue. Root cause is not elaborated in the provided documents beyond the version range. Remediation: upgrade to V5CP4 or later. No exploitation details are provided in the sources; in-the-...
MEGA International HOPEX 后置链接漏洞
MEGA International HOPEX is a single software platform from MEGA International, France. combining integrated software solutions including privacy and data management, business process analysis and risk management. A security vulnerability exists in MEGA International HOPEX version 15.2.0.6110,...
CVE-2022-38482
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
CVE-2022-38482
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
CVE-2018-25058
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
CVE-2018-25058
The CVE-2018-25058 issue affects Twitter-Post-Fetcher up to version 17.x, specifically the js/twitterFetcher.js component of the Link Target Handler. The vulnerability enables a web link to an untrusted target via window.opener access and can be triggered remotely. A fix is available in version 1...
Design/Logic Flaw
A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...
CVE-2022-34893
CVE-2022-34893 – Trend Micro Security 2022 (consumer) is a local privilege-escalation flaw described as a “link following vulnerability” in multiple sources. The root cause involves manipulation of a mountpoint via a symbolic link, enabling a low-privileged attacker with local access to escalate ...
CVE-2022-20863
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character...
OTRS 跨站脚本漏洞
OTRS is an application from the German company OTRS. A service management software. A security vulnerability exists in OTRS version 7.0.x prior to 7.0.37, and OTRS version 8.0.x prior to 8.0.25, which originates from an attacker logged in to OTRS as an administrator user, who may be able to...
CVE-2022-30687
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files...
Stored XSS on drawio
Sumary Draw io has a feature to put links on a text, due to a bad sanitization it allows to put javascript:// scheme on a anchor tag which allows to execute javascript code Steps to reproduce 1. Create a text box and set word size to 50 2. Click with the rigth button and "Edit link" 3. Put...