
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.

• https://expzh.com/Weaver-e-cology9.0-CRLF-Injection.pdf
• https://www.weaver.com.cn/cs/securityDownload.asp
• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.

• http://jvn.jp/jp/JVN%2362399483/index.html
• http://overlayweaver.sourceforge.net/news
• http://secunia.com/advisories/24669
• http://www.securityfocus.com/bid/23195
• http://www.vupen.com/english/advisories/2007/1167
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33340