Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script....
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this iss...
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprint...
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remot...
An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an u...
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.