3 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. • https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308 https://github.com/sileht/bird-lg/pull/82 https://vuldb.com/?id.216479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. BIRD Internet Routing Daemon en versiones anteriores a la 1.6.4 permite que usuarios locales provoquen una denegación de servicio (consumo de pila y cierre inesperado del demonio) mediante expresiones BGP mask en birdc. • http://bird.network.cz https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967 https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11 https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3

Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php. Múltiples vulnerabilidades CSRF en el plugin Bird Feeder 1.2.3 de WordPress permite a atacantes remotos secuestrar la autenticación de las peticiones de administradores que conllevan ataques XSS a través de (1) el usuario o (2) la contraseña en la página bird-feeder a wp-admin/options-general.php. WordPress Bird Feeder plugin version 1.2.3 suffers from cross site request forgery and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129623/WordPress-Bird-Feeder-1.2.3-CSRF-XSS.html http://seclists.org/fulldisclosure/2014/Dec/69 http://www.vulnerability-lab.com/get_content.php?id=1372 https://exchange.xforce.ibmcloud.com/vulnerabilities/99474 • CWE-352: Cross-Site Request Forgery (CSRF) •