
5 matches found

Snyk
added 2025/04/14 11:40 p.m., 2 views

Information Exposure

Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Information Exposure through the request.py wrapper. An attacker can intercept and misuse sensitive information by exploiting the improper handling of HTTP headers and cookies...

9.2 CVSS, 6.6 AI score, 0.00294 EPSS
Exploits: 1, References: 2
Veracode
added 2024/01/24 10:7 a.m., 17 views

Server Side Request Forgery (SSRF)

whooglesearch is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to not sanitizing user-supplied data from the location variable in the window endpoint, which passes the same user-supplied input to the send method within request.py. This can be exploited to send crafted GET...

9.8 CVSS, 6.8 AI score, 0.00297 EPSS
Exploits: 1, References: 6, Affected Software: 1
GitHub Security Blog
added 2022/05/17 4:49 a.m., 16 views

Plone vulnerable to cross-site scripting

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS, 5.6 AI score, 0.00256 EPSS
Exploits: 0, References: 7, Affected Software: 1
HackerOne
added 2017/11/29 11:8 p.m., 58 views

Open-Xchange: SSRF in /appsuite/api/autoconfig

FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14. Hello, there is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...

6.7 AI score
Exploits: 0
PyPA
added 2014/03/11 7:37 p.m., 5 views

PYSEC-2014-54

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3 CVSS, 6 AI score, 0.00256 EPSS
Exploits: 0, References: 4, Affected Software: 1