76 matches found
Input validation
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
SailPoint IdentityIQ Security Vulnerability
SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ Lifecycle Manager that stems from improperly limiting parameter values...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
Design/Logic Flaw
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
CVE-2023-48199
HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...
Khan Academy: Text Injection/ Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag.
A vulnerability was discovered on https://cloud.e.khanacademy.org that allowed text injection via breaking out of an input tag. By inserting a closing angle bracket in a parameter value, an attacker could inject arbitrary text that would be reflected on the page, enabling phishing attacks. The...
USN-6066-1 heat vulnerability
It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...
Linux kernel 代码问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of speculative pointer dereferences with controlled resource parameter values, which can be...
CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...
SUSE CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...
Siemens RUGGEDCOM APE1808 product family competitive conditions vulnerability
RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments.A competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, whi...
Information Disclosure
bolt is vulnerable to information disclosure. The vulnerability exists in the startplan function in connection.rb due to submitting sensitive parameter values to the orchestrator service when running plans over the PCP transport which allows an attacker to gain access to sensitive information...
Codiad Vulnerable to Shell Command Injection
components/filemanager/class.filemanager.php in Codiad before 2.8.3 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...
Privilege escalation
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by...
Fixed in Apache Tomcat 9.0.46
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for...
PYSEC-2021-30
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters...
CVE-2021-1420
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
Design/Logic Flaw
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...