20 matches found
EUVD-2018-1982
Malware in sbrugna...
EUVD-2019-2536
Malware in sbrugna...
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2025-25182
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-25182
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-25182
Stroom (data processing/storage platform) contains an authentication bypass in versions 7.2-beta.53 and earlier, affecting deployments configured with AWS ALB in a way that the app is not accessed through the ALB. This bypass can enable server-side request forgery and may lead to code execution o...
stroom 安全漏洞
stroom is a highly scalable data storage, processing, and analytics platform open-sourced by GCHQ. A security vulnerability exists in stroom that stems from a vulnerability that allows bypassing the authentication of the stroom system when the ALB is configured and installed in a way that the...
Gchq stroom cross-site scripting vulnerability
Stroom is a scalable data storage, processing and analytics platform. A cross-site scripting vulnerability exists in Gchq stroom. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
Cross site scripting
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2019-10779
All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...
CVE-2019-10779
CVE-2019-10779 affects stroom:stroom-app before 5.5.12 and the 6.0.0 branch before 6.0.25 with an XSS that lets an attacker load the Stroom UI in a hidden iframe and issue commands as the logged-in user. The vulnerability stems from inadequate input validation in the UI, enabling full control of ...
Cross-site Scripting (XSS)
Overview stroom:stroom-app is a highly scalable data storage, processing and analysis platform Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue...
CVE-2018-1000651
Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...
CVE-2018-1000651
Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...
Xxe
Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...
CVE-2018-1000651
CVE-2018-1000651 affects Stroom