11 matches found
CVE-2026-9699
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-6858 Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...
PT-2026-22931
Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.2 Description The 2N Access Commander software contains a flaw related to insufficient validation of data written to logs. Specifically, certain parameters received through the API are included in log...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...
EUVD-2019-7576
Malware in sbrugna...
CVE-2021-43702
ASUS RT-A88U 3.0.0.4.38645898 is vulnerable to Cross Site Scripting XSS. The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device...
WordPress plugin Easy Digital Downloads 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to a cross-site scripting vulnerability that stems from...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...
PT-2010-1349 · Thttpd · Thttpd
Name of the Vulnerable Software and Affected Versions: thttpd version 2.25b0 Description: The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing...