Lucene search
K

16 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 6:2 p.m.6 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/07 6:0 p.m.4 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26674

CVE-2025-55988 An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. https://t.co/bR1dLDXebx...

7.2CVSS5.8AI score0.00865EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/02 4:16 p.m.3 views

CVE-2026-28357

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

5.4CVSS5.8AI score0.00143EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/02 4:16 p.m.5 views

CVE-2026-28357 NocoDB: Stored Cross-Site Scripting via Formula Cell

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/10 8:28 p.m.3 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.3 views

PT-2025-4128 · Mozilla +8 · Thunderbird +8

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.7 Description: The Thunderbird Address Book URI fields contained unsanitized links, which could be used by an attacker to create and export an address book containing a malicious payload in a field, such as t...

9.8CVSS9.4AI score0.1307EPSS
Exploits3References346
PyPA
PyPA
added 2018/03/07 11:29 p.m.8 views

PYSEC-2018-51

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8CVSS6.9AI score0.02195EPSS
Exploits0References4Affected Software1
0day.today
0day.today
added 2015/08/04 12:0 a.m.33 views

WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ -...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2004/12/14 12:0 a.m.11 views

UseModWiki 1.0 - Wiki.pl Cross-Site Scripting

UseModWiki 1.0 - Wiki.pl Cross-Site Scripting source: https://www.securityfocus.com/bid/11924/info It is reported that UseModWiki is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input before outputting i...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/28 12:0 a.m.145 views

WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...

7AI score
Exploits0
exploitpack
exploitpack
added 2004/06/28 12:0 a.m.19 views

CuteNews 0.881.3 - example1.php Cross-Site Scripting

CuteNews 0.881.3 - example1.php Cross-Site Scripting source: https://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. T...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2004/01/12 12:0 a.m.10 views

PHPGedView 2.52.6 - Gdbi_interface.php Cross-Site Scripting

PHPGedView 2.52.6 - Gdbiinterface.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11894/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2004/01/12 12:0 a.m.15 views

PHPGedView 2.52.6 - login.php?Username Cross-Site Scripting

PHPGedView 2.52.6 - login.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/11904/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/12 12:0 a.m.21 views

PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting

source: https://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/10/29 12:0 a.m.32 views

Crossite scripting in AN HTTPD

AN HTTPD shows an error page if a client sends a request containing ":" in the URI field. The problem occurs due to the fact that this URI is injected into the error page without being sanitized...

0.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder