Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-36486: HTTP Error 404

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the ‘path’ parameter of the ‘list’ and ‘download’ exception-handling.

CVE
#xss#vulnerability

Related news

CVE-2021-26786: PlayTube install/index.php ReInstall with no Limit to Excute php code Vulnerability · Issue #1 · customercentric-selling-poland/playtuber

An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.

CVE-2020-23685: 118jianzhan v2.10 /Admin/login.php sql injection vulnerability · Issue #2 · vtime-tech/188Jianzhan

SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.

CVE-2020-23038: HTTP Error 404

Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.

CVE-2021-41971: Pony Mail!

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

CVE-2021-40542: Unauthenticated Reflect Cross-site Scripting in Ajax_url_encode.php file · Issue #189 · OS4ED/openSIS-Classic

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

CVE-2021-25959: WhiteSource Vulnerability Database

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.

CVE-2021-38338: Vulnerability Advisories - Wordfence

The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

CVE-2021-38320: Vulnerability Advisories - Wordfence

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0.

CVE-2021-38319: Vulnerability Advisories - Wordfence

The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

CVE-2021-38714: PLIB / Bugs / #55 integer overflow for maliciously crafted tga file

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907