Incomplete List of Disallowed Inputs
Overview org.webjars.npm:unhead is a full-stack manager built for any framework. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the hasDangerousProtocol function through the usage of the HtmlEntityHex and HtmlEntityDec RegExp. An attacker can inject malicio...
CVE-2024-58318
CVE-2024-58318 describes a stored XSS in Kentico Xperience’s rich text editor used by the page/form builders. The vulnerability arises from the editor allowing malicious URIs via user input, enabling script execution in victims’ browsers. Concrete details in connected docs show affected component...
CVE-2024-12908
Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over-matching against the approved list. If this attack were successfull...
Cross-Site Scripting (XSS)
html-purify is vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows execution of JavaScript via malicious URIs...
Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability
Python is an object-oriented, straightforward computer programming language. A remote command execution vulnerability exists in Python 'Lib/webbrowser.py', which allows remote attackers to exploit the vulnerability to construct malicious URIs and inject arbitrary code...
ownCloud cross-site scripting vulnerability (CNVD-2017-16363)
ownCloud is the open source file synchronization and sharing solution. A cross-site scripting vulnerability exists in ownCloud, which can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions,...
Sitecore CMS Cross-Site Scripting Vulnerability
Sitecore CMS is a content management system. A cross-site scripting vulnerability exists in Sitecore Experience Platform '/sitecore/client/Applications/List Manager/Taskpages/Contact list'. This allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform...
Multiple I-O DATA DEVICE Products Cross-Site Request Forgery Vulnerability
The I-O DATA DEVICE HVL-A is a high-definition recording hard disk from Japan's I-O DATA DEVICE. A cross-site request forgery vulnerability exists in a number of I-O DATA DEVICE products, which allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicio...
Apache Cordova iOS Arbitrary Plugin Execution Vulnerability
Adobe PhoneGap is a set of open source development frameworks. Apache Cordova iOS is a set of platforms for developing iOS-based mobile applications using HTML, CSS, and JavaScript, and is the core engine that drives PhoneGap. A security vulnerability exists in Apache Cordova iOS that allows remo...
Cisco WebEx Meetings Server Open Redirect Vulnerability
Cisco WebEx Meetings Server is a versatile meeting solution that includes audio, video, and Web conferencing in the WebEx Meeting Solution. An open redirection vulnerability exists in Cisco WebEx Meetings Server that allows an attacker to construct malicious URIs, trick users into parsing them, a...
AlienVault OSSIM Cross-Site Request Forgery Vulnerability
AlienVault OSSIM is an open source security information management system. AlienVault OSSIM suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the targ...
Cisco TelePresence IP Gateway Device Cross-Site Request Forgery Vulnerability
The Cisco TelePresence IP Gateway is a telepresence IP gateway device. A cross-site request forgery vulnerability exists in the Cisco TelePresence IP Gateway appliance that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the...
Cisco TelePresence Serial Gateway Device Cross-Site Request Forgery Vulnerability
The Cisco TelePresence Serial Gateway is an integrated gateway device for web and serial video networks. A cross-site request forgery vulnerability exists in the Cisco TelePresence Serial Gateway appliance that allows remote attackers to construct malicious URIs, trick users into parsing them, an...
Apple iOS Safari Cross-Site Request Forgery Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A cross-site request forgery vulnerability exists in Safari, which is used by Apple iOS, allowing remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious...
Cisco MediaSense Cross-Site Request Forgery Vulnerability
Cisco MediaSense provides recording, playback, live streaming, and storage media, including audio and video, to improve customer service. A cross-site request forgery vulnerability exists in Cisco MediaSense that allows remote attackers to construct malicious URIs, trick users into parsing them,...
Drupal Decisions Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in Drupal Decisions, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
Drupal Keyword Research Module Cross-Site Request Forgery Vulnerability
Drupal is an open source content management system. Keyword Research is a module that provides keywords for searches. A cross-site request forgery vulnerability exists in the Drupal Keyword Research module that allows remote attackers to construct malicious URIs, trick users into parsing them, and...
Xeams /FrontController Cross-Site Request Forgery Vulnerability
Xeams is an email server. A cross-site request forgery vulnerability exists in Xeams /FrontController, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...
SearchBlox Cross-Site Request Forgery Vulnerability
SearchBlox is an enterprise search solution, built on Lucene. SearchBlox has a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious operations in the context of the target user...
Multiple Reflected Cross-Site Scripting Vulnerabilities in Kemp Virtual LoadMaster
Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster suffers from multiple cross-site scripting vulnerabilities that can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack...