34 matches found
CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation
Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...
CVE-2025-58581
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...
CVE-2025-58589 Information Disclosure Through Stacktrace
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
CVE-2025-58589 Information Disclosure Through Stacktrace
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
EUVD-2025-32506
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
CVE-2025-58581
Summary: CVE-2025-58581 describes an information disclosure in SICK Enterprise Analytics (and SICK Logistic Analytics) where, on application errors, a full stack trace is exposed to users, revealing internal class/method names and application structure. This directly informs attackers about the t...
EUVD-2025-32498
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...
PT-2025-40868
Name of the Vulnerable Software and Affected Versions Application affected versions not specified Description The application reveals full stacktraces to users when errors occur. These stacktraces contain internal details like class and method names, potentially exposing technology and applicatio...
PT-2025-40861
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The application reveals full stacktraces when errors occur. These stacktraces contain internal details like class and method names, potentially exposing...
GHSA-QQWR-J9MM-FHW6 deno_doc's HTML generator vulnerable to Cross-site Scripting
Summary Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. Details & PoC 1. XSS in generated searchindex.js denodoc outputed a JavaScript file for searching. However, the generated file used innerHTML on unsanitzed HTML input...
CVE-2024-32468
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
PT-2024-25424 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 6.3.0 Description: An issue allows an authenticated agent to perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist...
OESA-2023-1924 hsqldb security update
HSQLdb is a relational database engine written in JavaTM , with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small about 100k, fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as...
GHSA-CH48-9R3Q-PV7X Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Description Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests...
Possible information disclosure of class and method names in RPC response
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests. See CWE-1295:...
resteasy: Error message exposes endpoint class information
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...
resteasy: Error message exposes endpoint class information
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...
resteasy: Error message exposes endpoint class information
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...