8 matches found
PT-2026-56190
A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22965)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "refID" parameter...
CVE-2021-27528
A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...
CVE-2021-27528
A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...
CVE-2021-27528
DynPG 4.9.2 is affected by a cross-site scripting (XSS) vulnerability exploitable via the refID parameter. The issue permits remote attackers to inject JavaScript into victims’ sessions, with impact described as browser-level compromise for affected users. CVSS metrics included in the record show...
CVE-2021-27528
A cross-site scripting XSS vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter...
Dynpg组织 Dynpg 跨站脚本漏洞
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "refID" parameter...
priceline.com XSS vulnerability
Vulnerable URL: http://www.priceline.com/home/?refid="...