8 matches found

RedhatCVE
added 2025/10/24 12:40 a.m., 5 views

CVE-2025-61132

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME...

7.1 CVSS, 7.3 AI score, 0.00196 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/23 3:15 p.m., 0 views

CVE-2025-61136

A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAM...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-4564

Malware in sbrugna...

5.4 CVSS, 5.7 AI score, 0.00064 EPSS
Exploits: 1, References: 3
CNVD
added 2018/08/07 12:0 a.m., 2 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16518)

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing a project's file contents, commit history, bug lists, and more. A cross-site scripting...

5.4 CVSS, 5.3 AI score, 0.00064 EPSS
Exploits: 1, References: 1
OSV
added 2018/08/03 6:29 p.m., 23 views

CVE-2018-12605

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
added 2018/08/03 6:29 p.m., 22 views

CVE-2018-12605

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter...

5.4 CVSS, 5.1 AI score, 0.00064 EPSS
Exploits: 1, References: 2
Cvelist
added 2018/08/03 6:0 p.m., 18 views

CVE-2018-12605

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter...

5.7 AI score, 0.00064 EPSS
Exploits: 1, References: 2
FreeBSD
added 2018/06/25 12:0 a.m., 25 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Wiki XSS; Sanitize gem updates; XSS in url_for(params); Content injection via username; Activity feed publicly displaying internal project names; Persistent XSS in charts...

7.5 CVSS, 3.2 AI score, 0.00263 EPSS
Exploits: 3, References: 1