PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation
A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...
PT-2025-26482
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions 6.0.0 through 10.0.0. Description: The issue concerns the DNN (formerly DotNetNuke) platform, which is an open-source web content management platform in the Microsoft ecosystem. It allows specially crafted conten...
CLSA-2022-1654525948 Fixed CVEs in python2-pip-18.module_el8.4.0+2051+0b56c8de: CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-4189
CVE-2021-3733: urllib: Regular expression DoS in AbstractBasicAuthHandler rhbz2047376 - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2047376 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2047376 - CVE-2022-0391: urllib.parse...
Denial Of Service
@next/mdx is vulnerable to denial of service. The vulnerability exists due to lack of sanitation of URL in 'next-server.ts', allowing an attacker to crash the server using invalid or malformed URL...
Cross-site Scripting (XSS)
Grafana is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of sanitation of the URL, allowing a malicious attacker to inject and execute arbitrary JavaScript...
CVE-2018-7032
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack...
Shibboleth Service Provider Multiple XSS Vulnerabilities (Windows)
The host has Shibboleth Service Provider installed and is prone to multiple Cross-Site Scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbshibbolethspmultxssvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ Shibboleth Service Provider Multiple XSS Vulnerabilities Windows Authors: Sharath ...
CVE-2005-4305
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page...