16 matches found
jastow: Jastow Cross-Site Scripting attack due to unsanitized URI
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
jastow: Jastow Cross-Site Scripting attack due to unsanitized URI
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...
PT-2026-26674
CVE-2025-55988 An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path. https://t.co/bR1dLDXebx...
CVE-2026-28357
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...
CVE-2026-28357 NocoDB: Stored Cross-Site Scripting via Formula Cell
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
PT-2025-4128 · Mozilla +8 · Thunderbird +8
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.7 Description: The Thunderbird Address Book URI fields contained unsanitized links, which could be used by an attacker to create and export an address book containing a malicious payload in a field, such as t...
PYSEC-2018-51
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...
WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Title: WordPress 'Facebook, Twitter & Google+ Social Widgets' Plugin Version: 1.3.7 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-15 Download: - https://wordpress.org/plugins/facebook-twitter-google-social-widgets/ -...
UseModWiki 1.0 - Wiki.pl Cross-Site Scripting
UseModWiki 1.0 - Wiki.pl Cross-Site Scripting source: https://www.securityfocus.com/bid/11924/info It is reported that UseModWiki is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input before outputting i...
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...
CuteNews 0.881.3 - example1.php Cross-Site Scripting
CuteNews 0.881.3 - example1.php Cross-Site Scripting source: https://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. T...
PHPGedView 2.52.6 - Gdbi_interface.php Cross-Site Scripting
PHPGedView 2.52.6 - Gdbiinterface.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11894/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...
PHPGedView 2.52.6 - login.php?Username Cross-Site Scripting
PHPGedView 2.52.6 - login.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/11904/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
source: https://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
Crossite scripting in AN HTTPD
AN HTTPD shows an error page if a client sends a request containing ":" in the URI field. The problem occurs due to the fact that this URI is injected into the error page without being sanitized...