13 matches found
EUVD-2015-1566
Malware in sbrugna...
EUVD-2019-0696
Malicious code in bioql PyPI...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
Summary Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Consolehttps://mc-beta-cloud.acronis.com/mc via the colorscheme GET parameter. Description: The flow work as I will comment below. If we go to the URL...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
Cross-site scripting in Swagger-UI
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CSS Injection
swagger-ui is vulnerable to CSS injection. The ?url= parameter allows an attacker to override a hard-coded schema file, which would enable for the Relative Path Overwrite RPO exploit technique, allowing exfiltration of confidential information from a victim's browser such as the CSRF token value...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Cross-Site Scripting (XSS)
Phpbb is vulnerable to cross-site scripting XSS attacks. The attacks are possible because includes/startup.php does not sanitize the user-supplied input which allows trailing paths to be injected through "Relative Path Overwrite."...
Cross site scripting
Cross-site scripting XSS vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...
UBUNTU-CVE-2015-1431
Cross-site scripting XSS vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...