GHSA-82VP-JR39-4J2J TYPO3 Security Misconfiguration in Frontend Session Handling

It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...

TYPO3 Denial of Service in Frontend Record Registration

TYPO3’s built-in record registration functionality aka “basic shopping cart” using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...

CVE-2024-5413

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their...

CVE-2024-5414

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/getfile.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their...

PhpMyBackupPro 跨站脚本漏洞

PhpMyBackupPro is a very easy to use, free web-based MySQL backup application from the Chris Younger project. A cross-site scripting vulnerability exists in PhpMyBackupPro version 2.3, which stems from a cross-site scripting vulnerability in the view parameter of /phpmybackuppro/getfile.php, whic...

PT-2024-36073

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/backup.php" API endpoint, using the comments and db parameters. This could allow an attacker ...

PT-2024-36020 · Winnmp · Winnmp

Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the index page, specifically in the from, subject, text, and hash parameters. This could enable a remote user to send a specially crafted...

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

PT-2024-40216 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe forms affected versions not specified Description: The issue concerns form fields in SilverStripe forms that return isReadonly as true, making them vulnerable to reflected XSS injections. This includes fields like ReadonlyField,...

CVE-2024-3795

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

CVE-2024-3796

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

CVE-2024-3793

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

CVE-2024-3793

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

CVE-2024-3794

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

CVE-2024-3792

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...

CVE-2024-3791

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...

CVE-2024-3790

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...

CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connectionIKE with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the...

PT-2024-19178 · Zte · Zxun-Epdg

Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19 Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys by default configuration when establishing a secure...