189 matches found

RedhatCVE
added 2025/08/18 6:29 a.m., 17 views

CVE-2025-8113

The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00207
Exploits: 1, References: 1
RedhatCVE
added 2025/08/16 6:11 a.m., 13 views

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00207
Exploits: 1, References: 1
OSV
added 2025/08/14 6:15 a.m., 5 views

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00207
Exploits: 1, References: 1
NVD
added 2025/08/14 6:15 a.m., 4 views

CVE-2025-8046

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS: 6.1, EPSS: 0.00207
Exploits: 1, References: 1
Vulnrichment
added 2025/08/14 6:00 a.m., 3 views

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

AI score: 6.8, EPSS: 0.00207
Exploits: 1, References: 1
Vulnrichment
added 2025/08/13 12:00 a.m., 3 views

CVE-2025-51451

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...

AI score: 7.3, EPSS: 0.0041
Exploits: 0, References: 3
OSV
added 2025/06/25 5:31 a.m., 7 views

MGASA-2025-0193 Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

CVSS: 5.3, AI score: 7.5, EPSS: 0.006
Exploits: 0, References: 6
Mageia
added 2025/06/25 5:31 a.m., 9 views

Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

CVSS: 5.3, AI score: 7.7, EPSS: 0.006
Exploits: 0, References: 5
OSV
added 2025/06/05 3:30 a.m., 1 view

GHSA-7XR5-9HCQ-CHF9 Django Improper Output Neutralization for Logs vulnerability

An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 4, AI score: 5.9, EPSS: 0.006
Exploits: 0, References: 11
OSV
added 2025/06/05 3:15 a.m., 5 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.6
Exploits: 0, References: 8
OSV
added 2025/06/05 3:15 a.m., 1 view

DEBIAN-CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.7, EPSS: 0.006
Exploits: 0, References: 1
OSV
added 2025/06/05 3:15 a.m., 2 views

PYSEC-2025-47

An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.2, EPSS: 0.006
Exploits: 0, References: 5
SUSE CVE
added 2025/06/05 3:14 a.m., 2 views

SUSE CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 6.8, AI score: 7.4, EPSS: 0.006
Exploits: 0, References: 4
Snyk
added 2025/06/05 2:40 a.m., 2 views

Improper Output Neutralization for Logs

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the request.path function used by HTTP responses, which allows control characters to ...

CVSS: 6.9, AI score: 7.3, EPSS: 0.006
Exploits: 0, References: 2
AlpineLinux
added 2025/06/05 12:00 a.m., 10 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 4.9, EPSS: 0.006
Exploits: 0
Vulnrichment
added 2025/06/05 12:00 a.m., 5 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 4, AI score: 4.7, EPSS: 0.006
Exploits: 0, References: 4
Debian CVE
added 2025/06/05 12:00 a.m., 13 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.7, EPSS: 0.006
Exploits: 0
OSV
added 2025/06/04 2:00 p.m., 2 views

UBUNTU-CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

CVSS: 5.3, AI score: 7.2, EPSS: 0.006
Exploits: 0, References: 5
Positive Technologies
added 2025/06/04 12:00 a.m., 6 views

PT-2025-23836

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.22; Django versions 5.1 through 5.1.10; Django versions 5.2 through 5.2.2. Description: An issue was discovered in Django where internal HTTP response logging does not escape request.path, allowing remote attackers ...

CVSS: 8.1, AI score: 7.8, EPSS: 0.15602
Exploits: 4, References: 159
RedhatCVE
added 2025/05/23 2:57 a.m., 5 views

CVE-2023-0937

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00519
Exploits: 2, References: 1