
69 matches found

OSV
added 2025/06/24 1:15 p.m. | 3 views

CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 140...

CVSS 4.3 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 2

OSV
added 2025/06/24 1:15 p.m. | 3 views

UBUNTU-CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140...

CVSS 4.3 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 5

Positive Technologies
added 2025/06/24 12:0 a.m. | 3 views

PT-2025-26725

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 140. Description: The issue allows an attacker to potentially lead to phishing attacks by following a provided URL in a link querystring parameter instead of the correct URL. This affects Firefox for...

CVSS 9.8 | AI score 7.9 | EPSS 0.09348
Exploits: 3 | References: 326

RedhatCVE
added 2025/04/11 4:2 p.m. | 15 views

CVE-2025-32371

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

CVSS 4.3 | AI score 6.4 | EPSS 0.00263
Exploits: 0 | References: 1

CNNVD
added 2025/02/05 12:0 a.m. | 3 views

dot-querystring security vulnerability

dot-querystring is a dot notation library for node query strings by the individual developer Naoya Tsutsumi. A security vulnerability exists in dot-querystring version v0.2.0, which stems from the lib.parse function containing a prototype pollution vulnerability...

CVSS 7.5 | AI score 6.8 | EPSS 0.00409
Exploits: 0 | References: 1

Veracode
added 2024/05/28 5:4 a.m. | 7 views

Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate sanitisation of the rewriteHashlinks option in SSViewer, allowing an attacker to inject HTML through the querystring...

AI score 6.4
Exploits: 0

OSV
added 2024/05/23 3:21 p.m. | 6 views

GHSA-34Q6-XQXH-GQ39 Silverstripe XSS In rewritten hash links

A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (e.g. href="anchor") to be rewritten in an unsafe way. The rewriteHashlinks option on SSViewer will rewrite these to contain the current URL, although without adequate escapin...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:51 a.m. | 3 views

SUSE CVE-2011-2919

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page...

CVSS 4.3 | AI score 5.8 | EPSS 0.01188
Exploits: 0 | References: 3

OSV
added 2022/11/27 12:30 a.m. | 5 views

GHSA-HRPP-H998-J3PP qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an `__proto__` key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as...

CVSS 7.5 | AI score 7.1 | EPSS 0.14663
Exploits: 2 | References: 16

vulnersOsv
added 2022/11/27 12:30 a.m. | 4 views

@bouzuya/mr-jums (>=0.2.0 <=0.9.1), @deansel/latte (=0.1.2-beta.1) +77 more potentially affected by CVE-2022-24999 via qs (>=6.3.0 <=6.3.1)

qs NPM version =6.3.0, =0.2.0, =1.0.0-alpha.7, =0.0.1-alpha.1, =0.0.1-dev.0, =4.0.0-beta.6, =3.0.0, =0.20.5, =0.20.5, =0.20.8, =0.1.5, =0.6.5, =0.13.0, =0.15.0 - app-decorators =0.8.206 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

CVSS 7.5 | AI score 7.1 | EPSS 0.14663
Exploits: 2

Github Security Blog
added 2022/11/21 11:59 p.m. | 26 views

Reflected XSS in querystring parameters

An attacker could inject an XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request. To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload. This will only affect projects...

CVSS 6.1 | AI score 5.7 | EPSS 0.00472
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2022/11/21 11:59 p.m. | 24 views

GHSA-VVXF-R4VM-2VM6 Reflected XSS in querystring parameters

An attacker could inject an XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request. To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload. This will only affect projects...

CVSS 6.1 | AI score 5.9 | EPSS 0.00472
Exploits: 0 | References: 6

OSV
added 2022/05/14 2:9 a.m. | 6 views

GHSA-RW75-M7GP-92M3 Django data leakage via querystring manipulation in admin

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...

CVSS 5.3 | AI score 5.4 | EPSS 0.01984
Exploits: 1 | References: 13

Github Security Blog
added 2022/05/14 2:9 a.m. | 23 views

Django data leakage via querystring manipulation in admin

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...

CVSS 3.5 | AI score 5.8 | EPSS 0.01984
Exploits: 1 | References: 13 | Affected Software: 1

Friends Of PHP
added 2021/11/21 12:0 a.m. | 32 views

CVE-2022-38462 - Reflected XSS in querystring parameters

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38462...

CVSS 6.1 | AI score 7.2 | EPSS 0.00472
Exploits: 0 | Affected Software: 1

OSV
added 2020/09/09 6:15 p.m. | 7 views

CVE-2020-13127

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKSLISTpt.querystring parameter...

CVSS 8.8 | AI score 7.6 | EPSS 0.01378
Exploits: 1 | References: 2

vulnersOsv
added 2020/04/30 5:16 p.m. | 6 views

@bouzuya/mr-jums (>=0.2.0 <=0.9.1), @deansel/latte (=0.1.2-beta.1) +77 more potentially affected by CVE-2017-1000048 via qs (>=6.3.0 <=6.3.1)

qs NPM version =6.3.0, =0.2.0, =1.0.0-alpha.7, =0.0.1-alpha.1, =0.0.1-dev.0, =4.0.0-beta.6, =3.0.0, =0.20.5, =0.20.5, =0.20.8, =0.1.5, =0.6.5, =0.13.0, =0.15.0 - app-decorators =0.8.206 and more Source cves: CVE-2017-1000048 Source advisory: OSV:GHSA-GQGV-6JQ5-JJJ9...

CVSS 7.5 | AI score 6.7 | EPSS 0.02395
Exploits: 0

WPVulnDB
added 2019/01/14 12:0 a.m. | 16 views

easy-redirect-manager 2.18.18 - Cross-Site Scripting (XSS)

Any page that causes a 404 or 302 response will be output within the Redirect Log page without any validation or output encoding, including the URL querystring, which could contain an XSS payload...

CVSS 4.3 | AI score 1.3 | EPSS 0.01365
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/11/16 6:29 p.m. | 5 views

CVE-2018-18761

SaltOS 3.1 r8126 allows action=login&querystring=&user=SQL SQL Injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.16456
Exploits: 5 | References: 1

0day.today
added 2018/08/06 12:0 a.m. | 36 views

cgit < 1.2.1 - cgit_clone_objects() Directory Traversal Vulnerability

Exploit for cgi platform in category web applications. There is a directory traversal vulnerability in cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default): void cgit_clone_objects(void) { if (!ctx.qry.path) { cgit_print_error_page(400, "Bad request", "Bad request");...

AI score 0.5
Exploits: 0