Gazelle
Monthly
HTTP Request Smuggling in Gazelle (Perl web server) versions through 0.49 enables attackers to smuggle malicious requests through reverse proxies by exploiting incorrect header precedence. Gazelle violates RFC 7230 by prioritizing Content-Length over Transfer-Encoding: chunked when both headers are present, allowing desynchronization between front-end proxies and the backend server. SSVC framework indicates the vulnerability is automatable with partial technical impact, while CVSS 7.5 reflects network-accessible unauthenticated exploitation with high integrity impact. A vendor patch is available via CPANSec.
A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
HTTP Request Smuggling in Gazelle (Perl web server) versions through 0.49 enables attackers to smuggle malicious requests through reverse proxies by exploiting incorrect header precedence. Gazelle violates RFC 7230 by prioritizing Content-Length over Transfer-Encoding: chunked when both headers are present, allowing desynchronization between front-end proxies and the backend server. SSVC framework indicates the vulnerability is automatable with partial technical impact, while CVSS 7.5 reflects network-accessible unauthenticated exploitation with high integrity impact. A vendor patch is available via CPANSec.
A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.