4 matches found
Flickr: High resource consumption by insufficient sanitization of forum threads pagination
The forum threads pagination functionality was insufficiently sanitized, leading to high resource consumption. When a page number was provided in the URL that exceeded the number of available pages, an infinite loop was triggered, generating excessive markup on each iteration. The issue was...
PT-2021-3351 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue is related to the ContentModelChange function in MediaWiki, which lacks proper authorization. This allows a remote attacker t...
MediaWiki 访问控制错误漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/47044/info Cetera eCommerce is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...