
71 matches found

RedhatCVE
added 2026/01/09 11:24 a.m., 0 views

CVE-2021-31659

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the passwo...

CVSS 8.8 | AI score 7 | EPSS 0.00105
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:50 a.m., 4 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 6.1 | AI score 6.3 | EPSS 0.00288
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-43784

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.3 | EPSS 0.00052
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:17 a.m., 3 views

CVE-2024-10825

The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.6 | EPSS 0.02566
Exploits: 0 | References: 1

Cvelist
added 2024/10/16 4:59 p.m., 20 views

CVE-2024-10033 Aap-gateway: xss on aap-gateway

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions a...

CVSS 6.1 | EPSS 0.01102
Exploits: 0 | References: 3

Github Security Blog
added 2024/10/10 10:1 p.m., 21 views

Gradio vulnerable to SSRF in the path parameter of /queue/join

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable...

CVSS 9.8 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/12/16 12:0 a.m., 12 views

CVE-2020-17484

An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain...

AI score 6.2 | EPSS 0.00096
Exploits: 0 | References: 2

OSV
added 2023/12/15 11:15 a.m., 2 views

CVE-2023-48565

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 | AI score 5.7 | EPSS 0.0057
Exploits: 0 | References: 1

NVD
added 2023/06/23 7:15 p.m., 15 views

CVE-2023-35155

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an alter on the browser:...

CVSS 8.8 | AI score 8.8 | EPSS 0.47027
Exploits: 1 | References: 2

OSV
added 2023/06/23 6:34 p.m., 14 views

CVE-2023-35159 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

CVSS 9.6 | AI score 6.2 | EPSS 0.0428
Exploits: 0 | References: 6

Huntr
added 2022/12/12 6:48 p.m., 23 views

Multiple XSS Vulnerabilities in Queue Condition

Description: Cross-Site Scripting (XSS) vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code...

CVSS 4.9 | AI score 5.9 | EPSS 0.06469
Exploits: 1

Huntr
added 2022/09/19 2:51 p.m., 19 views

The settings of repositories is vulnerable to CSRF

Description The malicious user can change the settings of repository by sending the URL to the victim. Proof of Concept 1.Login into the application https://rdiffweb-demo.ikus-soft.com/settings/admin/test-encoding . 2.Go to test-encoding. 3.Check that the value of remove older is forever. 4.Open...

CVSS 4.3 | AI score 0.2 | EPSS 0.00169
Exploits: 1

OSV
added 2022/09/14 9:15 p.m., 12 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 6.1 | AI score 6.2
Exploits: 0 | References: 2

NVD
added 2022/09/14 9:15 p.m., 16 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 6.1 | EPSS 0.00288
Exploits: 1 | References: 2

Prion
added 2022/09/14 9:15 p.m., 17 views

Design/Logic Flaw

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 5.8 | AI score 6.1 | EPSS 0.00288
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2022/08/10 8:16 p.m., 8 views

CVE-2022-36270

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php...

CVSS 9.8 | EPSS 0.00955
Exploits: 1 | References: 1

wpexploit
added 2022/08/09 12:0 a.m., 150 views

Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...

Exploits: 0

wpexploit
added 2022/05/24 12:0 a.m., 475 views

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/?step=demo&page=owpsetup&a"alert/XSS/...

CVSS 6.1 | AI score 0.9 | EPSS 0.03381
Exploits: 2

NVD
added 2021/12/27 9:15 p.m., 9 views

CVE-2020-20943

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

CVSS 4.3 | EPSS 0.00117
Exploits: 1 | References: 1

NVD
added 2021/09/01 3:15 p.m., 17 views

CVE-2021-36062

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...

CVSS 6.1 | EPSS 0.00688
Exploits: 0 | References: 1