15 matches found
EUVD-2022-34454
Malicious code in bioql PyPI...
EUVD-2024-25939
Malicious code in bioql PyPI...
BunkerWeb has Open Redirect Vulnerability in Loading Page
Summary: An open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...
GHSA-Q9RR-H3HX-M87G BunkerWeb has Open Redirect Vulnerability in Loading Page
Summary: An open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. Details: The loading endpoint accepts and uses an unvalidated "next" parameter for redirects: PoC: Visit:...
GO-2024-3294 Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb
Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb...
CVE-2024-53264
Summary: CVE-2024-53264 is an open redirect vulnerability in bunkerweb’s loading endpoint. The endpoint accepts an unvalidated "next" parameter, enabling authenticated users to be redirected to arbitrary external URLs (e.g., /loading?next=https://google.com). This could be leveraged for phish...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirect_to query parameter with inadequate validation. Attackers...
CVE-2024-28866 GoCD vulnerable to reflected Cross-site Scripting possible on server loading page during start-up
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 inclusive are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirect_to query parameter with inadequate validation. Attackers...
PT-2024-22615 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions 19.4.0 through 23.5.0 Description: The issue is a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirect to query parameter with inadequate validation. Attacker...
CVE-2022-2169
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin Loading Page with Loading Screen Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC Go to Settings - Loading Page, in the "Display loading screen in" settings, select either "specific pages" or...
Mautic Load Page Cross-Site Scripting Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in the Mautic loading page in Mautic versions 2.1.0 through 2.11.0. A remote attacker can exploit the...
Microsoft Edge Memory Object Handling Information Disclosure Vulnerability
Microsoft Edge is one of the latest web browsers. A security vulnerability exists in Microsoft Edge's handling of objects in memory. The vulnerability allows remote attackers to construct a special web page and trick users into loading it, which can obtain partial memory information about the target...