27 matches found
CVE-2024-11695
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...
CVE-2024-45101
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL...
CVE-2024-43400 XWiki Platform allows XSS through XClass name in string properties
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user into following the URL. Thi...
CVE-2024-6456
CVE-2024-6456 describes a SQL Injection vulnerability in AVEVA Historian Server. Public sources in the connected documents indicate that an attacker could exploit the issue by enticing a user to open a specially crafted URL via the interactive Historian REST Interface, allowing the execution of S...
CVE-2024-2248
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...
CVE-2024-22854
A DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
CVE-2023-51889
Stack Overflow vulnerability in the validate function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via a crafted string in the application URL...
Command injection
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL...
CVE-2021-20669
GROWI (WESEEK) before version 4.2.20 is affected by CVE-2021-20669, a path traversal vulnerability. An attacker with administrator rights can read and/or delete arbitrary files by sending a specially crafted URL to GROWI 4.2.2 and earlier. The issue stems from improper path handling in requests, ...
CVE-2021-20669
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL...
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...
Simple Download Monitor < 3.8.9 - SQL Injection
Gen Sato of Mitsui Bussan Secure Directions discovered an Authenticated admin+ SQL Injection issue, which could result in an arbitrary SQL command being executed if a user accesses a specially crafted URL while logged in...
Cross site scripting
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based HTTP/HTTPS services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Junip...
CVE-2020-5541
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL...
CVE-2020-1323
An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'...
MS13-003: Vulnerabilities in System Center Operations Manager could allow elevation of privilege: March 12, 2013
Resolves vulnerabilities in Microsoft System Center Operations Manager that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. INTRODUCTION: Microsoft has released security bulletin MS13-003. To view the complete security bulletin, visit the...
Cross-site Scripting (XSS)
kdelibs is vulnerable to cross-site scripting (XSS). The vulnerability exists because of a flaw in the way KHTML, the HTML layout engine used by KDE applications such as the Konqueror web browser, displayed certain error pages. A remote attacker could use this flaw to perform a cross-site scripti...
Cross site scripting
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER V9.1.2.5. If a user visits the login portal through the URL crafted by the attacker, the attacker can insert HTML/JavaScript and thus alter/rewrite the login portal page. Siemens PLM Software...
CVE-2017-12836
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."...