Lucene search
K

12 matches found

OSV
OSV
added 2026/07/02 7:9 p.m.4 views

GHSA-3VCG-PV95-PQ54 SFTPGo has stored XSS via inline parameter on public shares and user file download

Summary The inline query parameter on the browsable-share file download and on the authenticated user file download suppressed Content-Disposition: attachment, so an HTML file stored in a share or home directory could be served as text/html and execute in SFTPGo's web origin stored XSS. Impact Lo...

3.7CVSS5.8AI score0.00028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:14 p.m.9 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS7.7AI score0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-4791

Malware in sbrugna...

9.8CVSS9.5AI score0.00543EPSS
Exploits0References2
NVD
NVD
added 2024/11/20 12:15 a.m.60 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00305EPSS
Exploits0References1
OSV
OSV
added 2024/11/20 12:15 a.m.7 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS5.9AI score0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/19 11:57 p.m.18 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 11:57 p.m.14 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

6.7AI score0.00305EPSS
Exploits0References1
Prion
Prion
added 2018/04/04 4:29 p.m.19 views

Design/Logic Flaw

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...

7.5CVSS8.5AI score0.00543EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/04/04 4:29 p.m.19 views

CVE-2017-13274

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...

9.8CVSS8.8AI score0.00543EPSS
Exploits0References1
OSV
OSV
added 2018/04/04 4:29 p.m.4 views

CVE-2017-13274

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...

9.8CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2018/04/04 4:0 p.m.23 views

CVE-2017-13274

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...

8.8AI score0.00543EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/11/15 3:29 a.m.3 views

CVE-2017-11833

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information...

4.3CVSS5.5AI score0.0593EPSS
Exploits0References4
Rows per page
Query Builder