Lucene search

16 matches found

RedhatCVE
added 2026/03/27 10:51 p.m. | 4 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 1 | References: 1
NVD
added 2026/03/26 7:17 p.m. | 2 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 0.00039 EPSS
Exploits: 1 | References: 2
EUVD
added 2026/03/26 6:48 p.m. | 2 views

EUVD-2026-16320

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/26 6:48 p.m. | 4 views

CVE-2026-33506

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/26 6:48 p.m. | 2 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 1 | References: 2
Cvelist
added 2026/03/26 6:48 p.m. | 19 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 0.00039 EPSS
Exploits: 1 | References: 2
OSV
added 2026/03/26 6:48 p.m. | 4 views

CVE-2026-33506 DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...

8.8 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28487

Name of the Vulnerable Software and Affected Versions: Ory Polis versions prior to 26.2.0. Description: Ory Polis, previously known as BoxyHQ Jackson, functions as a bridge or proxy for a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 are susceptible to a DOM-based Cross-Si...

8.8 CVSS | 6.2 AI score | 0.00039 EPSS
Exploits: 1 | References: 6
CNNVD
added 2026/03/26 12:0 a.m. | 2 views

Ory Polis input validation error vulnerability

Ory Polis is an open-source enterprise single-sign-on and directory synchronization solution developed by Ory. Versions of Ory Polis prior to 26.2.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper trust in URL parameters with the callbackUrl...

8.8 CVSS | 5.6 AI score | 0.00039 EPSS
Exploits: 1 | References: 2
Openbugbounty
added 2018/11/26 12:1 p.m. | 8 views

polis-group.ru XSS vulnerability

Open Bug Bounty ID: OBB-703170

Description | Value
---|---
Affected Website: | polis-group.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...

Exploits: 0
Openbugbounty
added 2017/10/23 5:4 p.m. | 8 views

parlamento17.openpolis.it XSS vulnerability

Open Bug Bounty ID: OBB-361107

Description | Value
---|---
Affected Website: | parlamento17.openpolis.it
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Preventi...

6.4 AI score
Exploits: 0
Openbugbounty
added 2015/09/15 10:18 p.m. | 14 views

carvalhopolis.mg.gov.br XSS vulnerability

Vulnerable URL: http://www.carvalhopolis.mg.gov.br/index.php/contato1/4-contato?

Details:

Description | Value
---|---
Patched: | Yes, at 30.01.2016
Latest check for patch: | 30.01.2016 22:44 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated...

6.3 AI score
Exploits: 0
Packet Storm
added 2007/08/11 12:0 a.m. | 22 views

msdxmedia-exec.txt

Tested on:.. - Microsoft DirectX Media 6.0 SDK - Microsoft Internet Explorer 6 + all patches - Microsoft Windows XP SP2 Polish + all patches Details:.. obj.SourceUrl = "AAAA..1044..AAAA"; location.reload; Module DXTLIPI EAX 41414141 CALL DWORD PTR DS:EAX -- var shellcode = unescape"%u9090%u9090"+...

7.4 AI score
Exploits: 0
xssed
added 2007/06/12 12:0 a.m. | 14 views

Unfixed Redirect vulnerability at www.polis-haber.com

Security researcher TreX, has submitted on 06/12/2007 a Redirect vulnerability affecting www.polis-haber.com, which at the time of submission ranked 537990 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/12/2007. It is currently unfixed. If...

7.1 AI score
Exploits: 0 | References: 1
exploitpack
added 2006/12/10 12:0 a.m. | 16 views

PHPAlbum 0.4.1 Beta 6 - language.php Local File Inclusion

PHPAlbum 0.4.1 Beta 6 - language.php Local File Inclusion DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL...

0.1 AI score
Exploits: 0
Exploit DB
added 2006/11/05 12:0 a.m. | 39 views

Quick.CMS.Lite 0.3 - Cookie sLanguage Local File Inclusion

DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX, Ci2u,...

7.4 AI score
Exploits: 0