47 matches found
CVE-2024-23879
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability...
Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...
GHSA-4R8Q-GV9J-3XX6 Open Redirect
Impact In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have...
CVE-2021-43058
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2021-2549)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2549)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This...
CVE-2021-32645
Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the...
CVE-2021-27461
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs...
CVE-2021-22113
Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...
NewStart CGSL CORE 5.05 / MAIN 5.05 : git Multiple Vulnerabilities (NS-SA-2020-0113)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has git packages installed that are affected by multiple vulnerabilities: - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clone...
KonaWiki3 cross-site scripting vulnerability
KonaWiki3 is a very simple PHP Wiki engine.KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...
CVE-2020-24301
Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...
Twitter Analytics Open Redirect
================================================================================Twitter Analytics Open Redirect Vulnerability ================================================================================ Credit by Asheesh Anaconda Description An open redirect vulnerability exists in Twitter...
EulerOS 2.0 SP3 : git (EulerOS-SA-2020-2111)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git use...
Important: git
Issue Overview: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260GHSA-qm7j-c969-7j4q. The fix for that bug still left the door open for an exploit where some credentia...
CVE-2020-10643
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component...
CVE-2020-10643
CVE-2020-10643 affects OSIsoft PI Vision (PI System) with a cross-site scripting vulnerability in the PI Vision web application caused by improper input validation in a third-party component. An authenticated remote attacker can use specially crafted URLs to direct a victim using PI Vision 2019 m...
CVE-2020-10643 OSIsoft PI System
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component...
NewStart CGSL MAIN 6.01 : git Vulnerability (NS-SA-2020-0036)
The remote NewStart CGSL host, running version MAIN 6.01, has git packages installed that are affected by a vulnerability: - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to...
Exploit for Path Traversal in Vmware Spring_Cloud_Config
CVE-2020-5410 Spring Cloud Config directory traversal vulnera...