CVE-2025-9122 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to versions 10.2.0.4, including 9.3.0.x and 8.3.x display the full server stack trace when encountering an error within the GetCdfResource servlet...

Cross-site Scripting (XSS)

sentry-provider-db is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of input sanitization in the FORMATPARAM parameter. The unsanitized parameter will be displayed in the Servlet error page, causing a reflected XSS attack...

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

WDK_v1.0.vuln.txt

../ bugs in the Java Web server Development kit built in servlet engine http://localhost:8080/../../../../etc/passwd below is my version info. JavaServertm WDK v1.0 EA elguapo@localhost elguapo$ telnet localhost 8080 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^'...