Overview : |
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. |
Affected Product(s) : |
|
Vulnerability Details : |
||||
Solution : |
Overview : |
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. |
Affected Product(s) : |
|
Vulnerability Details : |
||||
Solution : |
Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. References https://www.arcticsecurity.com/security/vulnerability-note-2024-12-20 For More Information CVERecord
Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. References https://access.redhat.com/security/cve/CVE-2024-12840 https://bugzilla.redhat.com/show_bug.cgi?id=2333494 For More Information CVERecord
Description IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. References https://www.ibm.com/support/pages/node/7179496 For More Information CVERecord
Prophaze is proudly powered by WordPress