50 matches found
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
OESA-2025-1269 pki-core security update
Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...
CVE-2024-57052
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...
CVE-2024-57052
Summary (CVE-2024-57052) YouDianCMS (v9.5.20 and earlier) is affected by a privilege-escalation issue via the sessionID parameter in index.php. Root cause involves improper session handling that can allow remote attackers to gain higher privileges. A patch/version with fix not publicly documented...
PT-2025-3398 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YouDianCMS versions 9.5.20 and earlier Description: The issue allows a remote attacker to escalate privileges via the sessionID parameter in the "index.php" file. This is related to incorrect session management, which can lead to privilege...
CVE-2024-37783
A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...
CVE-2024-37783
A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...
PT-2024-27750 · Gladinet · Gladinet Centrestack
Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting XSS issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...
CVE-2024-37783
CVE-2024-37783 is a reflected XSS vulnerability in Gladinet CentreStack v13.12.9934.54690. The issue can inject malicious JavaScript into a victim’s browser via the sessionId parameter at /portal/ForgotPassword.aspx. Affected component is the ForgotPassword flow; root cause is reflected XSS; CVSS...
PT-2024-10118
Name of the Vulnerable Software and Affected Versions dogtag-pki and pki-core affected versions not specified Description The issue is related to an authentication bypass in dogtag-pki and pki-core due to an original error. This can be exploited by a remote attacker to escalate their privileges...
Netcon NS-ASG Security Vulnerability
Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A security vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from the parameter SessionId in the file /admin/listonlineuser.php that can lead to SQL injection...
CVE-2018-7314
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...
Sql injection
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...
CVE-2017-11458
Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
Cross site scripting
Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...
Schneider Electric U.motion Builder nfcserver Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder nfcserver. The underlying SQLite database query requires SQL injection on the sessionid input parameter. A remote attacker can exploit the...
CVE-2014-9468
Multiple cross-site scripting XSS vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to 1 Join.aspx or 2 Logon.aspx...
CVE-2014-9468
InstantASP InstantForum.NET has multiple XSS vulnerabilities (CVE-2014-9468) affecting versions 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0 and 3.4.0. The issue is a reflected cross-site scripting vulnerability: attacker-supplied input in the SessionID parameter is echoed in Join.aspx or Logon.aspx, enabli...
4images 1.7.1 member.php sessionid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...
InstantASP 4.1 Logon.aspx SessionID Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...