A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22language%22%20xss.md
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. Date published : 2021-03-23 https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22module%22%20xss.md
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. Date...
The Config UI component of TIBCO Software Inc.’s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access...
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made...
Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server’s file system. This issue is more prevalent...
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script...
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing...
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these...
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only...