15 matches found
EUVD-2024-22945
Malicious code in bioql PyPI...
CVE-2024-25624
CVE-2024-25624 affects Iris (iris-web) and is due to improper Jinja2 environment setup causing Server Side Template Injection (SSTI). An authenticated administrator must upload a crafted report template; when a weaponized report is generated, any user can trigger the vulnerability, potentially le...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
Iris code injection vulnerability
Iris is a fast, simple but fully featured and very efficient Go web framework. A security vulnerability exists in Iris versions prior to v2.4.6, which stems from an improperly configured environment that is susceptible to server-side template injection (SSTI), and successful exploitation of which c...
Cross site scripting
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...
CVE-2023-31862
CVE-2023-31862 affects jizhicms v2.4.6, with a Cross Site Scripting (XSS) vulnerability where frontend filtering is not mirrored server-side, enabling an attacker to publish an article containing malicious JavaScript by altering the request. Related entries describe XSS in jizhicms v2.5.4 as well...
CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
Open redirect
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs...
CVE-2022-28923
CVE-2022-28923 affects Caddy v2.4.6. The available sources describe an open redirect vulnerability in Caddy 2.4.6, where a crafted URL can redirect users to attacker-controlled sites, enabling phishing and potential data exposure. The practical impact is phishing-related credent...