5 matches found
EUVD-2022-2429
Malicious code in bioql PyPI...
CVE-2023-24521
Due to insufficient input sanitization, SAP NetWeaver AS ABAP BSP Framework - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the...
CVE-2023-6760
The CVE-2023-6760 entry applies to Thecosy IceCMS up to version 2.0.1. The vulnerability is described as affecting unknown code and enabling remote manipulation that leads to management of user sessions. Exploitation is noted as publicly disclosed. Connected sources corroborate impact on session ...
Mozilla: Security bug https://bugzilla.mozilla.org/oauth/authorize - CRLF Header injection via "redirect_uri" parameter
A cross-site scripting vulnerability was found in the "redirect_uri" parameter of the OAuth authorization endpoint at https://bugzilla.mozilla.org/oauth/authorize that allowed arbitrary HTTP response headers to be injected through carriage return and line feed encoding in the parameter value,...
ERP Sankhya 4.13.x Cross Site Scripting
Exploit Title: ERP Sankhya - XSS to Account Takeover Google Dork: N/A Date: 19/10/2022 Exploit Author: Lucas Alves Da Cunha - 0xLucas Vendor Homepage: https://www.sankhya.com.br Version: Sankhya Om Payload used to capture the user's session data: Steps to reproduce: 1 -...