In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of …
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of …
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.