10 matches found
HCL DFXAnalytics Cross-Site Scripting Vulnerability
HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The Content-Security-Policy does not define strict directives for...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to a weak Content Security Policy on the /proxy/ route. An attacker can bypass the CSP of the media proxy and execute arbitrary JavaScript when opening external images in a new tab or window. Note: This is...
CVE-2024-1656
Affected versions of Octopus Server had a weak content security policy...
CVE-2024-1656
CVE-2024-1656 affects Octopus Server; vulnerable component is the web content security policy implementation, described as a weak CSP. CVSSv3.1 base score 2.6 (Low) with Network attack vector, High attack complexity, Privileges required Low, User interaction Required. The exploitation status is n...
PT-2024-18204 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue is related to a weak content security policy in affected versions of the software. There is no information provided about the estimated number of potentially affected devic...
GitLab Enterprise Edition and GitLab Community Edition Cross-Site Scripting Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab CE/EE versions 15.4 through...
GHSA-8VX9-HCVQ-GFV8 MantisBT XSS through weak CSP when using Gravatar plugin
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
MantisBT < 1.3.1, 2.x < 2.0.0-beta.2 Weak Content Security Policy Vulnerability - Linux
MantisBT is prone to a weak Content Security Policy vulnerability. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
MantisBT < 1.3.1, 2.x < 2.0.0-beta.2 Weak Content Security Policy Vulnerability - Windows
MantisBT is prone to a weak Content Security Policy vulnerability.