Lucene search
K

50 matches found

Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-12580 Logs Debug Injection in danny-avila/librechat

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...

4.3CVSS0.00458EPSS
Exploits1References2
OSV
OSV
added 2025/03/14 3:43 p.m.3 views

OESA-2025-1269 pki-core security update

Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...

7.5CVSS7.2AI score0.00659EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/27 12:0 a.m.5 views

CVE-2024-57052

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...

9.5AI score0.00488EPSS
Exploits0References1
CVE
CVE
added 2025/01/27 12:0 a.m.73 views

CVE-2024-57052

Summary (CVE-2024-57052) YouDianCMS (v9.5.20 and earlier) is affected by a privilege-escalation issue via the sessionID parameter in index.php. Root cause involves improper session handling that can allow remote attackers to gain higher privileges. A patch/version with fix not publicly documented...

9.8CVSS7.2AI score0.00488EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-3398 · Unknown · Youdiancms

Name of the Vulnerable Software and Affected Versions: YouDianCMS versions 9.5.20 and earlier Description: The issue allows a remote attacker to escalate privileges via the sessionID parameter in the "index.php" file. This is related to incorrect session management, which can lead to privilege...

10CVSS7.7AI score0.00488EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/11/22 12:0 a.m.7 views

CVE-2024-37783

A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

5.7AI score0.00366EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/22 12:0 a.m.23 views

CVE-2024-37783

A reflected cross-site scripting XSS vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx...

0.00366EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.7 views

PT-2024-27750 · Gladinet · Gladinet Centrestack

Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack version 13.12.9934.54690 Description: A reflected cross-site scripting XSS issue allows attackers to inject malicious JavaScript into a victim's web browser via the sessionId parameter at the "/portal/ForgotPassword.aspx"...

5.4CVSS5.7AI score0.00366EPSS
Exploits0References5
CVE
CVE
added 2024/11/22 12:0 a.m.56 views

CVE-2024-37783

CVE-2024-37783 is a reflected XSS vulnerability in Gladinet CentreStack v13.12.9934.54690. The issue can inject malicious JavaScript into a victim’s browser via the sessionId parameter at /portal/ForgotPassword.aspx. Affected component is the ForgotPassword flow; root cause is reflected XSS; CVSS...

5.4CVSS5.7AI score0.00366EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.2 views

PT-2024-10118

Name of the Vulnerable Software and Affected Versions dogtag-pki and pki-core affected versions not specified Description The issue is related to an authentication bypass in dogtag-pki and pki-core due to an original error. This can be exploited by a remote attacker to escalate their privileges...

7.5CVSS7.1AI score0.00659EPSS
Exploits0References53
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.3 views

Netcon NS-ASG Security Vulnerability

Netcon NS-ASG is an application security gateway from China Netcon Technology Netcon. A security vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which originates from the parameter SessionId in the file /admin/listonlineuser.php that can lead to SQL injection...

8.8CVSS7.4AI score0.00656EPSS
Exploits1References4
NVD
NVD
added 2018/02/22 7:29 p.m.31 views

CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...

9.8CVSS9.9AI score0.58373EPSS
Exploits6References1
Prion
Prion
added 2018/02/22 7:29 p.m.12 views

Sql injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429...

7.5CVSS9.8AI score0.58373EPSS
Exploits6References1Affected Software1
NVD
NVD
added 2017/07/25 6:29 p.m.14 views

CVE-2017-11458

Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

6.1CVSS6.1AI score0.0097EPSS
Exploits0References2
Prion
Prion
added 2017/07/25 6:29 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

4.3CVSS6AI score0.0097EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/06/14 12:0 a.m.1 views

Schneider Electric U.motion Builder nfcserver Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder nfcserver. The underlying SQLite database query requires SQL injection on the sessionid input parameter. A remote attacker can exploit the...

9.4AI score
Exploits0References1
Cvelist
Cvelist
added 2015/02/19 3:0 p.m.27 views

CVE-2014-9468

Multiple cross-site scripting XSS vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to 1 Join.aspx or 2 Logon.aspx...

5.8AI score0.01773EPSS
Exploits2References3
CVE
CVE
added 2015/02/19 3:0 p.m.39 views

CVE-2014-9468

InstantASP InstantForum.NET has multiple XSS vulnerabilities (CVE-2014-9468) affecting versions 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0 and 3.4.0. The issue is a reflected cross-site scripting vulnerability: attacker-supplied input in the SessionID parameter is echoed in Join.aspx or Logon.aspx, enabli...

4.3CVSS5.9AI score0.01773EPSS
Exploits2References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

4images 1.7.1 member.php sessionid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

InstantASP 4.1 Logon.aspx SessionID Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...

7.1AI score
Exploits0
Rows per page
Query Builder