Cross-Site Scripting (XSS)
PrismJS is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the url function of the Previewers plugin...
Op-browser Command Injection Vulnerability
op-browser is a module for opening browser windows and setting up proxies. A command injection vulnerability exists in op-browser 1.0.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary commands via the url function...
CVE-2020-7625
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...
Command injection
op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...
PT-2019-16835 · Elog · Elog
Name of the Vulnerable Software and Affected Versions: ELOG versions 3.1.4-57bea22 and below. Description: The issue is related to a denial of service due to a use after free, where a remote unauthenticated attacker can crash the server by sending multiple HTTP POST requests. This causes the...
UBUNTU-CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...
CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, a...