5 matches found
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the eventstream decoder process. An attacker can cause the host process to terminate unexpectedly by sending a crafted EventStream response frame containing a header value type byte outside the valid range...
CVE-2022-40257
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field...
PT-2022-5025 · Unknown · Cert/Cc Vince
Name of the Vulnerable Software and Affected Versions: CERT/CC VINCE versions prior to 1.50.4 Description: An HTML injection issue exists, allowing an authenticated attacker to inject arbitrary HTML via a form using the Product Affected field. This can be exploited by a remote attacker...
VINCE Cross-Site Scripting Vulnerability
VINCE is an open-source vulnerability information and coordination environment developed and used by the CERT Coordination Center in the United States, intended to improve the coordination of vulnerability disclosure. A cross-site scripting vulnerability exists i...
PT-2022-5026 · Unknown · Cert/Cc Vince
Name of the Vulnerable Software and Affected Versions: CERT/CC VINCE versions prior to 1.50.4 Description: An HTML injection issue exists due to the failure to neutralize special elements. This allows a remote attacker to inject arbitrary HTML code via a crafted email with HTML content in the...