4 matches found
Flickr: High resource consumption by insufficient sanitization of forum threads pagination
The forum threads pagination functionality was insufficiently sanitized, leading to high resource consumption. When a page number was provided in the URL that exceeded the number of available pages, an infinite loop was triggered, generating excessive markup on each iteration. The issue was...
MediaWiki 访问控制错误漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...
PT-2021-3351 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue is related to the ContentModelChange function in MediaWiki, which lacks proper authorization. This allows a remote attacker t...
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/47044/info Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...