355 matches found

WPVulnDB · added 2023/10/20 12:00 a.m.

MpOperationLogs <= 1.0.1 - Unauthenticated Stored XSS

Description: The plugin is vulnerable to Unauthenticated Stored Cross-Site Scripting via the IP Request Headers...

CVSS 7.2 · AI score 5.8 · EPSS 0.00985
Exploits 1

Prion · added 2023/10/18 5:15 a.m.

Cross-site scripting

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 5.8 · AI score 5.9 · EPSS 0.00985
Exploits 1 · References 4 · Affected software 1

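A constructed Python illustration of the failure mode the two MpOperationLogs entries describe (added here; this is not the plugin's code): a visitor log that trusts a client-supplied IP header and renders it into HTML without escaping, beside a version that validates the header as an IP address and escapes on output. The request dictionaries, the WSGI-style header names and the payload are made up for the example.

```python
import html
import ipaddress

# Constructed sample requests (not from the plugin): one normal visitor and one
# attacker who controls the X-Forwarded-For header value.
SAMPLE_REQUESTS = [
    {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "198.51.100.23"},
    {"REMOTE_ADDR": "203.0.113.9",
     "HTTP_X_FORWARDED_FOR": "<script>alert(document.cookie)</script>"},
]


def client_ip_naive(env):
    """Vulnerable: trusts the proxy header blindly, so whatever string the
    client put there is stored as the 'IP address'."""
    return env.get("HTTP_X_FORWARDED_FOR") or env.get("REMOTE_ADDR", "")


def client_ip_validated(env):
    """Hardened: accept a forwarded hop only if it parses as an IP address,
    otherwise fall back to the socket peer, which the client cannot forge.
    Which hop of X-Forwarded-For to trust depends on your proxy chain; the
    first hop is used here purely for illustration."""
    first = env.get("HTTP_X_FORWARDED_FOR", "").split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return env.get("REMOTE_ADDR", "")


def render_log_unsafe(rows):
    """Vulnerable output: stored values are interpolated into HTML verbatim."""
    return "<table>" + "".join(f"<tr><td>{ip}</td></tr>" for ip in rows) + "</table>"


def render_log_safe(rows):
    """Hardened output: every stored value is HTML-escaped at render time,
    independent of whether it was validated on the way in."""
    return "<table>" + "".join(
        f"<tr><td>{html.escape(ip)}</td></tr>" for ip in rows) + "</table>"


def log_and_render(extract, render, requests=SAMPLE_REQUESTS):
    """Store the IP of every request with `extract`, then render the log page."""
    return render([extract(r) for r in requests])


if __name__ == "__main__":
    print(log_and_render(client_ip_naive, render_log_unsafe))        # script tag lands in the page
    print(log_and_render(client_ip_validated, render_log_safe))      # 203.0.113.9, escaped
```

Input validation and output escaping are independent defences: the escaped renderer neutralises the payload even if the naive extractor stored it, and the validated extractor never stores it in the first place. Both are needed because the stored value may be rendered by other code paths later.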
OSV · added 2023/10/16 2:05 p.m.

GHSA-WQQ4-5WPV-MX2G Undici's cookie header not cleared on cross-origin redirect in fetch

Impact: Undici clears Authorization headers on cross-origin redirects, but does not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since Undici handles headers more liberally than the...

CVSS 3.9 · AI score 5.8 · EPSS 0.01223
Exploits 0 · References 13

RedhatCVE · added 2023/10/13 10:52 p.m.

CVE-2023-45143

A flaw was found in the Undici node package: on cross-origin redirects, the Cookie header is not cleared, possibly leaking it to the redirect target. By default, cookie headers are forbidden request headers, and they must be enabled explicitly. This flaw allows a malicious user to access the leaked cookie if they have...

CVSS 3.9 · AI score 5 · EPSS 0.01223
Exploits 0 · References 4

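The redirect behaviour the two Undici entries describe, as an added Python simulation (this is not Undici's code): a client that follows a redirect chain and, on an origin change, strips only Authorization (the pre-fix policy) beside one that also strips Cookie and Proxy-Authorization. The hostnames, URLs and the routing table are constructed; a real client would get the status and Location from the network.

```python
from urllib.parse import urlsplit

# Constructed redirect chains (not real hosts). The first bounces the request
# to an origin the attacker controls; the second stays on the same origin.
ROUTES = {
    "https://api.example.com/login": (302, "https://evil.example.net/collect"),
    "https://evil.example.net/collect": (200, None),
    "https://api.example.com/old": (301, "https://api.example.com/new"),
    "https://api.example.com/new": (200, None),
}

# Headers dropped when the redirect target has a different origin.
STRIP_BEFORE_FIX = {"authorization"}                                 # Cookie leaks
STRIP_AFTER_FIX = {"authorization", "proxy-authorization", "cookie"}  # hardened


def origin(url):
    """(scheme, host, port) triple; two URLs share an origin iff these match."""
    p = urlsplit(url)
    default = 443 if p.scheme == "https" else 80
    return (p.scheme, (p.hostname or "").lower(), p.port or default)


def follow(url, headers, strip, routes=ROUTES, max_hops=5):
    """Follow redirects starting at `url`. Returns (final_url, headers that
    would be sent to it). Header names are compared case-insensitively, and
    every name in `strip` is dropped whenever the origin changes."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    for _ in range(max_hops):
        status, location = routes[url]
        if status not in (301, 302, 303, 307, 308) or location is None:
            return url, hdrs
        if origin(location) != origin(url):
            hdrs = {k: v for k, v in hdrs.items() if k not in strip}
        url = location
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    creds = {"Authorization": "Bearer t0ken", "Cookie": "session=abc"}
    print(follow("https://api.example.com/login", creds, STRIP_BEFORE_FIX))
    print(follow("https://api.example.com/login", creds, STRIP_AFTER_FIX))
```

In a browser, Cookie is a forbidden request header and the cookie jar decides per target what to attach, so this class of leak does not arise there; the Node case matters precisely because application code may set Cookie by hand and expect the client to scope it.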
RedHat Linux · added 2023/10/09 10:29 a.m.

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

CVSS 7.5 · AI score 7.1 · EPSS 0.01613
Exploits 1 · References 4

NVD · added 2023/09/29 5:15 a.m.

CVE-2023-26148

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 5.4 · AI score 5.6 · EPSS 0.00379
Exploits 1 · References 2

Prion · added 2023/09/29 5:15 a.m.

CRLF injection

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 5 · AI score 5.5 · EPSS 0.00379
Exploits 1 · References 2

Cvelist · added 2023/09/29 5:00 a.m.

CVE-2023-26148

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 5.4 · AI score 6 · EPSS 0.00379
Exploits 1 · References 2

Positive Technologies · added 2023/09/28 12:00 a.m.

PT-2023-20526 · Unknown · Ithewei/Libhv

Name of the Vulnerable Software and Affected Versions: ithewei/libhv, all versions. Description: The issue affects the ithewei/libhv package, where untrusted user input used to set request headers can lead to CRLF Injection. An attacker can inject additional headers into the request by adding...

CVSS 5.4 · AI score 5.4 · EPSS 0.00379
Exploits 1 · References 5

RedHat Linux · added 2023/08/16 10:56 a.m.

reactor-netty-http: Log request headers in some cases of invalid HTTP requests

A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...

CVSS 4.3 · AI score 5.8 · EPSS 0.00604
Exploits 0 · References 4

Vulnrichment · added 2023/08/14 12:00 a.m.

CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers...

AI score 6.9 · EPSS 0.00545
Exploits 0 · References 2

Veracode · added 2023/08/07 2:24 a.m.

Leak Of Webhook Secret Token

GitLab is vulnerable to a leak of the webhook secret token. The vulnerability exists because a project maintainer could leak the webhook secret token by changing the webhook URL to an endpoint they control, allowing them to capture the request headers...

CVSS 5.5 · AI score 6.7 · EPSS 0.00707
Exploits 1 · References 4 · Affected software 1

NVD · added 2023/07/11 3:15 a.m.

CVE-2023-36921

SAP Solution Manager Diagnostics agent - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availabilit...

CVSS 7.2 · AI score 6.9 · EPSS 0.00548
Exploits 0 · References 2

NVD · added 2023/07/06 5:15 a.m.

CVE-2023-26138

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 5.4 · AI score 5.7 · EPSS 0.00371
Exploits 1 · References 2

Prion · added 2023/07/06 5:15 a.m.

CRLF injection

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 4 · AI score 5 · EPSS 0.00371
Exploits 1 · References 2

Cvelist · added 2023/07/06 5:00 a.m.

CVE-2023-26138

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent...

CVSS 5.4 · AI score 6 · EPSS 0.00371
Exploits 1 · References 2

OSV · added 2023/06/07 3:52 p.m.

GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 · AI score 7.6 · EPSS 0.00549
Exploits 0 · References 8

Github Security Blog · added 2023/06/07 3:52 p.m.

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 · AI score 7.3 · EPSS 0.00549
Exploits 0 · References 8 · Affected software 1

GitLab Advisory Database · added 2023/06/07 12:00 a.m.

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 · AI score 7 · EPSS 0.00549
Exploits 0 · References 9 · Affected software 1

Snyk · added 2023/06/05 10:23 a.m.

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add \r\n (carriage return, line feed) characters and inject additional headers into the request sent. Remediation: There i...

CVSS 5.4 · AI score 5.8 · EPSS 0.00371
Exploits 1 · References 2

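The CRLF injection described by the libhv, drogon, Async HTTP Client and Snyk entries above, as one added Python example (not the code of any of those projects): a naive request serializer that copies header values onto the wire verbatim, beside a hardened one that rejects CR, LF and NUL in values and enforces RFC 9110 token syntax for names. A small header parser stands in for the receiving server to show that the smuggled text is read as a separate header, and that anything after the injected blank line is treated as the start of a second request on a keep-alive connection. The attacker-controlled User-Agent value is constructed.

```python
import re

# RFC 9110 "tchar" set for header field names; CR/LF/NUL are never valid in values.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_BAD_VALUE = re.compile(r"[\r\n\x00]")

# Constructed attacker input (not taken from any advisory): a User-Agent that
# terminates its own line, adds a header, ends the header block and starts a
# second request.
EVIL_UA = "Mozilla/5.0\r\nX-Injected: 1\r\n\r\nGET /admin HTTP/1.1\r\nHost: victim"


def serialize_naive(method, path, headers):
    """Vulnerable: header names and values are written exactly as supplied."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def check_header(name, value):
    """Reject anything that could break out of a single header line."""
    if not _TOKEN.match(name):
        raise ValueError(f"invalid header name {name!r}")
    if _BAD_VALUE.search(value):
        raise ValueError(f"CR, LF or NUL in value of header {name!r}")
    return name, value


def serialize_safe(method, path, headers):
    """Hardened: validate every header before it reaches the wire."""
    return serialize_naive(method, path,
                           dict(check_header(k, v) for k, v in headers.items()))


def rejects(headers):
    """True if the hardened serializer refuses this header set."""
    try:
        serialize_safe("GET", "/", headers)
    except ValueError:
        return True
    return False


def parse_headers(raw):
    """Receiver's view: (lowercased name, value) pairs up to the first blank line."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    out = []
    for ln in head.decode("latin-1").split("\r\n")[1:]:
        name, _, val = ln.partition(":")
        out.append((name.strip().lower(), val.strip()))
    return out


def smuggled_tail(raw):
    """Bytes after the first blank line: on a persistent connection a server
    parses these as the next request."""
    return raw.partition(b"\r\n\r\n")[2]


if __name__ == "__main__":
    evil = {"Host": "example.test", "User-Agent": EVIL_UA}
    raw = serialize_naive("GET", "/", evil)
    print(parse_headers(raw))        # X-Injected shows up as its own header
    print(smuggled_tail(raw))        # b'GET /admin HTTP/1.1\r\nHost: victim\r\n\r\n'
    print(rejects(evil))             # True: the hardened path refuses to send it
```

The check belongs in the client library at the point where a header is added (the addHeader-style API the drogon and Snyk entries name), not in each caller: a value that passes through a regex built for one attack string will not catch the next one, whereas refusing CR, LF and NUL outright closes the whole class.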