1115 matches found
TotoLink A720R Command Injection Vulnerability
TOTOLINK A720R is a router device. An input validation vulnerability exists in TOTOLINK A720R Main's handling of QUERYSTRING, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary commands in the application context...
GHSA-6QJ8-C27W-RP33 Cross-site scripting in Apache Syncope EndUser
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code from URL query string...
VulnCheck KEV: CVE-2021-24878
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the wpsccreateticket shortcode embed, leading to a Reflected Cross-Site Scripting issue...
Brave Software: New XSS vector in ReaderMode with %READER-TITLE-NONCE%
A new XSS vulnerability was discovered in Brave iOS 1.31.1 and higher, which allowed attackers to execute malicious scripts on ReaderMode pages. The vulnerability was caused by a relaxation of the CSP rule, which allowed scripts with nonce-%READER-TITLE-NONCE% to be executed. Attackers could...
CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
Backdoor.Win32.VB.afu Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Transit Password Disclosure Description: The malware...
Wordlistgen - Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs Or Paths
wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your wordlists. Wordlists are much more effective when you take the application's context into consideration. wordlistgen pulls out URL components, such as subdomain names, paths, query strings, etc. and spits...
User Activity Log < 1.4.7 - Reflected Cross Site Scripting via Query String
The plugin does not escape the $_SERVER['QUERY_STRING'] before outputting it back in attributes, which could lead to Reflected Cross-Site Scripting in web browsers which do not encode URL characters. With a web browser which does not encode characters or use Burp Suite and decode the URL via the...
Dell EMC PowerScale OneFS Information Disclosure Vulnerability
Dell EMC PowerScale OneFS, an API-driven file system, is vulnerable to an information disclosure in Dell EMC PowerScale OneFS version 8.2.2-9.1.0. The vulnerability stems from the product's use of a GET request method with a sensitive query string. An attacker could exploit the vulnerability to...
Cross site scripting
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
CVE-2020-26563
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
Cross site scripting
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
PT-2021-8205 · Draytek · Draytek Vigor300B +2
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 version 1.5.1.3 DrayTek Vigor 3900 version 1.5.1.3 DrayTek Vigor 300B version 1.5.1.3 Description: A Remote Command Injection issue exists in the mainfunction.cgi script of the DrayTek Vigor web interface due to inadequate...
Reflected cross-site scripting issue in Datasette
Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...
ALPINE-CVE-2021-28652
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short que...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2021-37587)
FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...
FusionPBX Cross-Site Scripting Vulnerability
FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request...