24 matches found
CVE-2019-16968
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS...
EUVD-2009-2376
Malware in sbrugna...
EUVD-2019-7446
Malware in sbrugna...
EUVD-2019-7450
Malware in sbrugna...
EUVD-2019-7452
Malware in sbrugna...
EUVD-2019-7462
Malware in sbrugna...
EUVD-2024-2742
Malicious code in bioql PyPI...
CVE-2024-47050
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the Page URL variable not being properly sanitized, allowing malicious scripts to be executed...
GHSA-3RFM-JHWJ-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
A Regular Expression Denial of Service (ReDoS) flaw was found in the function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...
CVE-2022-37603
A Regular Expression Denial of Service (ReDoS) flaw was found in the function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...
PT-2022-24024 · Webpack +1 · Webpack Loader-Utils +1
Name of the Vulnerable Software and Affected Versions: webpack loader-utils version 2.0.0; webpack loader-utils versions prior to 1.4.2; webpack loader-utils versions prior to 2.0.4; webpack loader-utils versions prior to 3.2.1. Description: A Regular Expression Denial of Service (ReDoS) flaw was found...
Fileutils Command Injection vulnerability
Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in a user-supplied url variable that is passed to the shell...
CVE-2020-10666
The restapps aka Rest Phone apps module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command...
PT-2020-16208
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...
Denial Of Service (DoS)
silverstripe/framework is susceptible to denial of service (DoS). The attack is possible when an authenticated user with administrative privileges is tricked into opening maintenance services in the form of URL Variable Tools such as ?flush, ?isDev and ?isTest or development admin URLs /dev/...
Information Disclosure
ShowDoc/ShowDoc is vulnerable to information disclosure. The library does not properly configure its access controls by default, allowing a malicious user to use the pageid variable in the URL to gain access to sensitive information...
CRLF injection
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable...
CVE-2009-2380
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable...