CVE-2024-9798

CVE-2024-9798 concerns a public health endpoint that reveals a list of onboarded services. Connected sources tie this to Zowe API Mediation Layer health endpoint exposure, describing the impact as potentially valuable information for attackers and identifying a remediation path. Affected componen...

apache-cxf: XSS in Apache CXF FormattedServiceListWriter

A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page...

CVE-2012-4492

Multiple cross-site scripting XSS vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the 1 report or 2 Custom Services...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the 1 report or 2 Custom Services...