'Skylark' App For IOS Security Vulnerabilities

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter

A cross-site scripting vulnerability in VersionedRequestFilter has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested...

Silverstripe Brute force bypass on default admin

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and...

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant....

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.....

(RHSA-2024:2877) Important: OpenShift Container Platform 4.13.42 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...

(RHSA-2024:2875) Important: OpenShift Container Platform 4.13.42 bug fix and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the RPM...

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation

When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters. For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush"...

CVE-2024-4365

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Silverstripe External redirection risk in Security?ReturnURL

A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...

Silverstripe External redirection risk in Security?ReturnURL

A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site. For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page...

urlaub.sylt-sothebysrealty.com Cross Site Scripting vulnerability OBB-3930056

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

edeis.com Cross Site Scripting vulnerability OBB-3930057

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

buvettegastrotheque.com Cross Site Scripting vulnerability OBB-3930054

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

budgettraveltalk.com Cross Site Scripting vulnerability OBB-3930053

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

groupespro.com Cross Site Scripting vulnerability OBB-3930052

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dulhemiyan.com Cross Site Scripting vulnerability OBB-3930050

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dutchdesignersoutlet.com Cross Site Scripting vulnerability OBB-3930051

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

Silverstripe X-Forwarded-Host request hostname injection

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...

syfpeithi.com Cross Site Scripting vulnerability OBB-3930045

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

laurierduvallon.com Cross Site Scripting vulnerability OBB-3930047

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

palocok.com Cross Site Scripting vulnerability OBB-3930049

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

neatanswers.com Cross Site Scripting vulnerability OBB-3930048

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

signaturecontractors.com Cross Site Scripting vulnerability OBB-3930046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

keanmiller.com Cross Site Scripting vulnerability OBB-3930043

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pinkpearlwriting.com Cross Site Scripting vulnerability OBB-3930041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

richandthompson.com Cross Site Scripting vulnerability OBB-3930042

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

artonicweb.com Cross Site Scripting vulnerability OBB-3930044

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

giibi.com Cross Site Scripting vulnerability OBB-3930038

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

nipro-group.com Cross Site Scripting vulnerability OBB-3930039

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

meinvite.com Cross Site Scripting vulnerability OBB-3930037

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sola-resort.com Cross Site Scripting vulnerability OBB-3930036

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-4956

CVE-2024-4956-PoC Mass...

CVE-2024-4365 Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-25139 vulnerabilities

Vulnerabilities for packages:...

GHSA-JJR8-97P7-VMMG vulnerabilities

Vulnerabilities for packages:...

CVE-2024-1442 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-24579 vulnerabilities

Vulnerabilities for packages: syft, kubescape, wolfictl, k9s, zarf,...

CVE-2023-45283 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-40225 vulnerabilities

Vulnerabilities for packages:...

GHSA-MV93-WVCP-7M7R vulnerabilities

Vulnerabilities for packages:...

CVE-2024-28249 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-28860 vulnerabilities

Vulnerabilities for packages:...

GHSA-PPF8-HHPP-F5HJ vulnerabilities

Vulnerabilities for packages:...

GHSA-CJ6R-8PXJ-5JV6 vulnerabilities

Vulnerabilities for packages:...

GHSA-6JVC-Q2X7-PCHV vulnerabilities

Vulnerabilities for packages:...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: apko, tkn, aactl, flux-source-controller, falco, slsa-verifier, melange, wolfictl, kubescape, spire-server, goreleaser, gitsign, tekton-chains, falcoctl, policy-controller, zot, ko, zarf,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: dagger, tkn, crossplane, kaniko, aactl, telegraf, datadog-agent, buf, kargo, docker-compose, grype, ctop, melange, cadvisor, trivy, syft, kubescape, wolfictl, spire-server, goreleaser, up, prometheus, buildkitd, zot, ko, conftest,...