A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has…
[graphite-web] Graphite Web Cross-site Scripting vulnerability
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploi…
[rdiffweb] rdiffweb has no rate limit on resend email feature
rdiffweb prior to 2.5.5 has no rate limit on the “resend email feature” while enabling or disabling 2FA from the /prefs/mfa endpoint.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4723
https://github.com/ikus060/rdiffweb/commit/6e9ee210548f6d3210704ca…
[graphite-web] Graphite Web Cross-site Scripting vulnerability
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely…
[rdiffweb] rdiffweb vulnerable to Business Logic Errors
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4719
https://github.com/ikus060/rdiffweb/commit/bc4bed89affcba71251fe54ed10639da9d392c1d
https://huntr.dev/bounties/9f7468…
[rdiffweb] rdiffweb vulnerable to Special Element Injection
In rdiffweb prior to 2.5.5, a lack of sanitisation of characters in the SSH key name could allow an attacker to inject a hyperlink that could redirect a victim to malicious websites.
References
https://nvd.nist.gov/vuln/detail/CVE-202…
[oxidized-web] Oxidized Web vulnerable to Cross-site Scripting
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It i…
[binwalk] binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to syml…
[php-mod/curl] php-mod/curl allows Cross-site Scripting
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-30134
https://wpscan.com/vu…
[fast-json-patch] Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype po…