6 matches found
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logopath query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...
GHSA-MVF6-3F2G-XFXF endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logopath query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file disclosure...
ZOHO ManageEngine Log360 Cross-Site Scripting Vulnerability (CNVD-2021-67511)
ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.A cross-site...
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...
Cross site scripting
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...
CVE-2021-40178
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGOPATH key value in the logon settings...