CVE-2023-2267

CVE-2023-2267 describes an input validation error in the Schweitzer Engineering Laboratories SEL-411L (a line differential protection, automation and control system). The connected documents state that this vulnerability could allow an attacker to perform reflection attacks against an authorized ...

Schweitzer Engineering Laboratories SEL-411L 安全漏洞

The Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. An input validation error vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L, which can be...

PT-2023-31052 · Unknown · Symbolicator

Name of the Vulnerable Software and Affected Versions: Symbolicator versions prior to 23.11.2 Description: The issue allows an attacker to make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the...

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

VulnCheck KEV: CVE-2022-22242

A Cross-site Scripting XSS vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS...

Exploit for Unsafe Reflection in Hsqldb Hypersql_Database

Research into CVE-2022-41853: Using static functions to obtian...

Unrestricted file upload

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu

Impact XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name ...

Rocky Linux 8 : thunderbird (RLSA-2022:5774)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5774 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory...

WordPress Meta Data and Taxonomies Filter Plugin < 1.3.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pluginus:wordpressmetadataandtaxonomiesfilter"; ifdescriptio...

Unsafe Reflection

thunderbird is vulnerable to Unsafe Reflection. This results in possible spoofing attacks since the website obscures fullscreen notifications using a URL scheme handled by an external program...

Cross-site Scripting (XSS)

Overview org.craftercms:crafter-engine is a Crafter Content Delivery Engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS via API endpoints that reflect some input parameter and do produce XML responses. An attacker can inject malicious scripts by sending crafted...

Dissecting a Clever Malware Sample for Optimized Detection and Protection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

CVE-2023-33276

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without...

CVE-2023-33276

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without...

PT-2023-19340 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue concerns the QuBot WordPress plugin, where it fails to filter user input on chat. This allows malicious code to be inserted and reflected on the user dashboard...

GHSA-86H2-2G4G-29QX avo possible unsafe reflection / partial DoS vulnerability

Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...

avo possible unsafe reflection / partial DoS vulnerability

Summary The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. Details After reviewing th...

CVE-2023-34102 Possible unsafe reflection / partial denial of service in avo

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...