Lucene search

7654 matches found

Prion
added 2021/10/19 7:15 p.m., 17 views

Cross site scripting

A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...

3.5 CVSS, 5.2 AI score, 0.00781 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnerability Lab
added 2021/10/19 12:0 a.m., 210 views

PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities

Document Title: PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2290
Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Release Date:...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2021/10/18 12:0 a.m., 105 views

BMW Online (Mail) - Persistent Web Vulnerability

Document Title: BMW Online Mail - Persistent Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2262
Vulnerability Magazine:...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2021/10/18 12:0 a.m., 70 views

Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability

Document Title: Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2302
Release Date: 2021-10-18
Vulnerability Laboratory ID (VL-ID):...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2021/10/17 12:0 a.m., 68 views

Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability

Document Title: Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2301
Release Date: 2021-10-17
Vulnerability Laboratory ID (VL-ID):...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2021/10/17 12:0 a.m., 68 views

Sonicwall SonicOS 6.5.4 - Cross Site Web Vulnerability

Document Title: Sonicwall SonicOS 6.5.4 - Cross Site Web Vulnerability
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2272
Release Date: 2021-10-17
Vulnerability Laboratory ID (VL-ID): 22...

7.4 AI score
Exploits: 0

Huntr
added 2021/10/16 6:40 p.m., 7 views

Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Description: The persistent or stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw; it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular...

4.6 AI score
Exploits: 0

Huntr
added 2021/10/14 4:45 p.m., 10 views

in forkcms/forkcms

Description: Insufficient session expiration even after a credential such as the account password is updated.
Proof of Concept: Open the same account in multiple browsers. Change the password in one browser. Reload the other one. As a result we can see the account on the other browser is not...

3.7 AI score
Exploits: 0

IBM Security Bulletins
added 2021/10/13 4:53 a.m., 16 views

Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. (CVE-2012-3300)

Question: Security Bulletin: Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. (CVE-2012-3300)
Answer: Flash Alert
Abstract: WebSphere Commerce contains a security vulnerability related to its use of persistent sessions a...

2.6 CVSS, 0.4 AI score, 0.01314 EPSS
Exploits: 1, Affected Software: 1

OSV
added 2021/10/12 4:15 p.m., 26 views

CVE-2021-41136

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using Puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...

3.7 CVSS, 6.5 AI score
Exploits: 0, References: 7

CVE
added 2021/10/12 3:30 p.m., 158 views

CVE-2021-41136

Summary: CVE-2021-41136 affects Puma HTTP/1.1 server for Ruby/Rack. When used with a proxy that forwards HTTP header values containing LF, an attacker could smuggle a request through the proxy, potentially causing the proxy to send a response to a different client. This behavior has been observed...

3.7 CVSS, 5.8 AI score, 0.01119 EPSS
Exploits: 0, References: 7, Affected Software: 1

RedHat Linux
added 2021/10/07 2:17 p.m., 55 views

Moderate: Red Hat Security Advisory: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update

Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...

6.5 CVSS, 6.7 AI score, 0.03692 EPSS
Exploits: 0, References: 5

NVD
added 2021/10/05 1:15 p.m., 15 views

CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...

5.5 CVSS, 0.00951 EPSS
Exploits: 0, References: 3

OSV
added 2021/10/05 1:15 p.m., 11 views

CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...

5.4 CVSS, 6.4 AI score, 0.00951 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2021/10/05 1:15 p.m., 18 views

CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...

5.5 CVSS, 6.1 AI score, 0.00951 EPSS
Exploits: 0, References: 4

OSV
added 2021/10/05 1:15 p.m., 0 views

UBUNTU-CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...

5.4 CVSS, 5.8 AI score, 0.00951 EPSS
Exploits: 0, References: 5

Cvelist
added 2021/10/05 12:35 p.m., 16 views

CVE-2021-39866

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...

5.4 CVSS, 5.9 AI score, 0.00951 EPSS
Exploits: 0, References: 3

Debian CVE
added 2021/10/05 12:35 p.m., 17 views

CVE-2021-39866

Removed by vendor...

5.5 CVSS, 6 AI score, 0.00951 EPSS
Exploits: 0

Positive Technologies
added 2021/10/05 12:0 a.m., 1 view

PT-2021-22713 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.6 and later
Description: A business logic error in the project deletion process allows persistent access via project access tokens.
Recommendations: For GitLab versions 13.6 and later, update to a version that includes a fi...

5.5 CVSS, 5.1 AI score, 0.00951 EPSS
Exploits: 0, References: 12

CNNVD
added 2021/10/01 12:0 a.m., 2 views

GitLab Security Vulnerability

GitLab is a self-hosted Git version control and project repository application, developed with Ruby on Rails by the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that stems from a...

5.5 CVSS, 5.7 AI score, 0.00951 EPSS
Exploits: 0, References: 6