Lucene search

14 matches found

Veracode
added 2025/10/23 8:2 a.m., 4 views

Cross-site Scripting (XSS)

wabac.js is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the requestURL parameter embedded directly into an inline...

CVSS 7.1 | AI score 6.7 | EPSS 0.00076
Exploits: 0 | References: 4 | Affected Software: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2001-0321

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0005
Exploits: 1 | References: 3

RedhatCVE
added 2025/09/16 2:26 a.m., 3 views

CVE-2025-10386

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...

CVSS 5.3 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/14 1:32 a.m., 2 views

CVE-2025-10386 Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...

CVSS 5.3 | AI score 4 | EPSS 0.00045
Exploits: 0 | References: 4

CVE
added 2025/09/14 1:32 a.m., 8 views

CVE-2025-10386

CVE-2025-10386 affects Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is in the POST Request Handler for the file path /login.do, where manipulating the argument requestUrl enables cross-site scripting. It can be triggered remotely, and public exploits exist. Reports not...

CVSS 5.3 | AI score 5.4 | EPSS 0.00045
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/14 12:0 a.m., 2 views

PT-2025-37397

Name of the Vulnerable Software and Affected Versions: Yida ECMS Consulting Enterprise Management System version 1.0 Description: A cross-site scripting issue exists in Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is located in the POST Request Handler component,...

CVSS 5.3 | AI score 4.5 | EPSS 0.00045
Exploits: 0 | References: 8

CNNVD
added 2025/09/14 12:0 a.m., 1 views

Yida ECMS Consulting Enterprise Management System code injection vulnerability

Yida ECMS Consulting Enterprise Management System is an enterprise management system from Yida. A code injection vulnerability exists in Yida ECMS Consulting Enterprise Management System version 1.0, which originates from an incorrect operation of the requestUrl parameter in the file /login.do, a...

CVSS 5.3 | AI score 4.9 | EPSS 0.00045
Exploits: 0 | References: 5

RedhatCVE
added 2025/09/11 8:27 p.m., 1 views

CVE-2025-58765

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

CVSS 7.1 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 1

Github Security Blog
added 2025/09/10 5:13 p.m., 4 views

Webrecorder packages are vulnerable to XSS through 404 error handling logic

A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly embedded into an inline block without sanitization or escaping. This allows an attacker to craft ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 8 | Affected Software: 3

Cvelist
added 2025/09/09 8:16 p.m., 5 views

CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic

wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting XSS vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...

CVSS 7.1 | EPSS 0.00076
Exploits: 0 | References: 3

Veracode
added 2023/10/23 1:56 p.m., 16 views

Server Side Request Forgery (SSRF)

shenyu is vulnerable to Server-Side Request Forgery. This vulnerability exists because it does not properly validate the requestUrl parameter, allowing an attacker to access internal servers and resources to perform unauthorized actions...

CVSS 6.5 | AI score 6.8 | EPSS 0.00746
Exploits: 0 | References: 3 | Affected Software: 2

Positive Technologies
added 2023/10/19 12:0 a.m., 3 views

PT-2023-20277 · Apache · Apache Shenyu

Name of the Vulnerable Software and Affected Versions: Apache ShenYu version 2.5.1 Description: There exists an SSRF Server-Side Request Forgery vulnerability located at the "/sandbox/proxyGateway" endpoint. This vulnerability allows manipulation of arbitrary requests and retrieval of correspondi...

CVSS 6.5 | AI score 6.3 | EPSS 0.00746
Exploits: 0 | References: 8

OpenVAS
added 2009/09/07 12:0 a.m., 18 views

ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote DOS Vulnerability

This host has ICQ Toolbar installed and is prone to Remote Denial of Service Vulnerability OpenVAS Vulnerability Test $Id: gbicqtoolbaractvxctrldosvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote DOS Vulnerability Authors: Antu Sanadi Copyright:...

CVSS 4.3 | AI score 6.5 | EPSS 0.05374
Exploits: 2 | References: 3

securityvulns
added 2001/02/13 12:0 a.m., 58 views

Fwd: Re: phpnuke, security problem...

Hi, Due to this reply, I see no reason to delay this. No patch nor new version has been released, for a quick fix, see below. Regards, Joao Gouveia ------------ [email protected] Francisco Burzi [email protected] Joao Gouveia wrote: Hello Francisco, There is yet another security flaw with the new...

AI score 0.7
Exploits: 0