8 matches found
CVE-2026-33675
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trell...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-site Scripting XSS. The vulnerability is due to an unvalidated returnURL parameter in the dev/build endpoint, which can cause users to be redirected to unverified third-party URLs...
CVE-2023-38308
An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...
PT-2023-4155 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Cross-Site Scripting XSS issue was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious...
Webmin 跨站脚本漏洞
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021, which stems from a cross-site scripting XSS vulnerability discovered in the HTTP tunneling feature when handling third-party...
CVE-2023-0214
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...
Gospider - Fast Web Spider Written In Go
GoSpider - Fast web spider written in Go Installation go get -u github.com/jaeles-project/gospider Features Fast web crawling Brute force and parse sitemap.xml Parse robots.txt Generate and verify link from JavaScript files Link Finder Find AWS-S3 from response source Find subdomains from respons...
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign
A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with t...