10 matches found
Cross Site Scripting (XSS)
ckeditor4 is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by a flaw in the Code Snippet GeSHi plugin. An attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server...
CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407
Summary: CVE-2024-43407 affects CKEditor 4 via the Code Snippet GeSHi plugin, where a flaw in the GeSHi syntax highlighter could enable a reflected XSS attack. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. The advisory states the GeSHi library is no longer acti...
CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)
$Id: phpunserializezvalcookie.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PHP < 4.5.0 - Unserialize Overflow (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PHP 4...
QWikiwiki directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: QWikiwiki directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 01/01/2005 Severity: Critical Summary: - -------- QwikiWiki is driven by one core design goal: simplicity. This design goal is codified in...
CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message...