7 matches found
Origin Validation Error
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Origin Validation Error in the sessionslist, sessionshistory, and sessionssend tools. An attacker can access sensitive transcript content from peer sessions by exploiting insufficient...
CVE-2023-53794 cifs: fix session state check in reconnect to avoid use-after-free issue
In the Linux kernel, the following vulnerability has been resolved: "cifs: fix session state check in reconnect to avoid use-after-free issue". Don't collect exiting session in smb2_reconnect_server, because it will be released soon. Note that the exiting session will stay in server->smb_ses_list until i...
SUSE CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3)...
Nextcloud: No session logout after changing password & also android sessions not shown in sessions list so they can be deleted
There is no session logout after changing password, and also if admin needs to disconnect some session of android, no android sessions are shown in list. If attacker has password and logs in somehow using android app, he may not be logged out as there is no session logout after changing password and...
tomcat: cross-site-scripting vulnerability in the manager application
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3)...
CVE-2010-4172
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3)...
PT-2010-5335 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 6.0.12 through 6.0.29; Apache Tomcat versions 7.0.0 through 7.0.4. Description: The issue allows remote attackers to inject arbitrary web script or HTML via the orderBy or sort parameters to "sessionsList.jsp", or...