Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.11 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

dalfox 安全漏洞

Dalfox is an automated cross-site script scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from two stages in ParameterAnalysis where the same closed results channel was written to, potentially causing a panic...

7.5CVSS5.7AI score0.00231EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 3:8 p.m.16 views

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40425

Name of the Vulnerable Software and Affected Versions dalfox affected versions not specified Description A structural ordering error in the ParameterAnalysis function within pkg/scanning/parameterAnalysis.go allows an unauthenticated remote attacker to crash the dalfox server process. The issue...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
Rows per page
Query Builder