8 matches found
CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an...
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...
CVE-2017-16956
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title...
CVE-2017-15687
DOM-based cross-site scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI...
CVE-2016-1222
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI...
CVE-2015-5256
Summary of CVE-2015-5256: Apache Cordova-Android before 4.1.0 contains a flaw in the remote server reliance whitelisting mechanism that allows an attacker to bypass intended access restrictions by crafting a URI. This can enable execution of non-whitelisted JavaScript. Concrete details from conn...
CVE-2012-6102
The CVE-2012-6102 issue affects Moodle’s Assignment module: specifically the Submissions comments plugin (lib.php). It allows remote attackers to read or modify any user’s submission comments (feedback comments) via a crafted URI in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1. The root cause...
CVE-2011-4836
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI...