14 matches found
CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
EUVD-2003-1239
Malware in sbrugna...
EUVD-2025-17448
Malicious code in bioql PyPI...
CVE-2025-46827
Graylog has a vulnerability (CVE-2025-46827) where an HTML form in an Event Definition Remediation Step can leak user session cookies if an attacker has create-event-definition rights and the victim can view alerts, with an active input to receive form data. Affected versions are before 6.0.14, 6...
Graylog Allows Session Takeover via Insufficient HTML Sanitization
Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...
CrushFTP AWS4-HMAC Authentication Bypass
This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...
K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809
Security Advisory Description The BIG-IP Next Central Manager user session refresh token does not expire when a user logs out. CVE-2024-39809 Impact An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems manage...
Acronis: Potential XSS Vulnerability in Acronis Login Callback URL
The Acronis login callback URL was found to be vulnerable to cross-site scripting XSS attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...
BIT-RESOURCESPACE-2021-41765
A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
CVE-2023-43326
A reflected cross-site scripting XSS vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL...
Sql injection
A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple Vulnerabilities
The remote host is running a version 8.1.4.x of IBM Rational License Key Server Administration and Reporting Tool RLKS that is prior to 8.1.4.4. It is, therefore, affected by multiple vulnerabilities : - The secure flag for session cookies is not properly set when in SSL mode. An attacker can...
Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
Updated mediawiki packages fix security vulnerabilities : Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...
CVE-2003-1249
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions...