4 matches found
EUVD-2022-31520
Malicious code in bioql PyPI...
Cross site scripting
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The osusername parameters is not correctly sanitized, leading to reflected XSS...
Barco Control Room 跨站脚本漏洞
Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in Barco Control Room prior to version 3.14. The vulnerability stems from the osusername parameter of the /checklogin.jsp endpoint not bein...
Authentication via os_username and os_password URL params is broken
Logging in by specifying username/password in the URL like this: noformathttp://jira.atlassian.com/browse/XYZ-114?decorator=none&view=rss&osusername=LOGIN&ospassword=PASSWORDnoformat used to work. tested with JIRA 3.6.3 Now you get presented with an undecorated "not logged in" message. This issue...