5 matches found
EUVD-2022-7280
Malicious code in bioql PyPI...
CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
CVE-2022-41706
CVE-2022-41706 affects Browsershot version 3.57.2, where the URL protocol passed to Browsershot::url is not validated. This allows an external attacker to remotely obtain arbitrary local files. The available documents describe the vulnerability and impact (remote local file access) but do not pro...
PT-2022-26035 · Unknown · Browsershot
Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2
Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol...