3 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. El firewall de aplicaciones web (WAF) en Kemp LoadMaster 7.2.54.1 permite ciertos usos de onmouseover para evitar un mecanismo de protección XSS. • https://pastebin.com/kpx9Nvbf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. Imperva Web Application Firewall (WAF) versiones anteriores a 31-12-2021 permite a atacantes remotos no autenticados usar "Content-Encoding: gzip" para omitir los controles de seguridad del WAF y enviar peticiones HTTP POST maliciosas a servidores web detrás del WAF • https://bishopfox.com/blog/imperva-eliminates-critical-exposure • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking. Vulnerabilidad de Cross-Site Scripting (XSS) reflejada en MONITORAPP WAF en la que se puede ejecutar un script al responder a la información de Request URL. Proporciona una función para responder a la información de Request URL cuando se bloquea • https://github.com/kbgsft/vuln-AIWAF/wiki/Cross-site-scripting%28XSS%29-vulnerability-in-AIWAF-in-MONITORAPP-by-xcuter https://github.com/monitorapp-aicc/report/wiki/CVE-2020-14210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •