BD Alarisâ„¢ Guardrailsâ„¢ Editor Security Vulnerabilities

CVE-2024-33997 moodle: stored XSS risk when editing another user's equation in equation editor

Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's...

Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload

The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field....

TYPO3 CMS Privilege Escalation and SQL Injection

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

TYPO3 CMS Privilege Escalation and SQL Injection

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...

CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Cross-Site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-Site Scripting (XSS . The vulnerability is due to inadequate input validation, allowing an attacker to embed malicious JavaScript through onmouseover or onmouseout attributes in the WYSIWYG...

[SECURITY] Fedora 40 Update: rust-lino-0.10.0-9.fc40

A command line text editor with notepad like key...

[SECURITY] Fedora 40 Update: helix-24.03-3.fc40

A Kakoune / Neovim inspired editor, written in...

Foxit PDF Editor < 12.1.7 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.7. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...

Foxit PDF Editor < 11.2.10 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.10. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...

Foxit PDF Editor < 13.1.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...

[SECURITY] Fedora 39 Update: libreoffice-7.6.7.2-1.fc39

LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...

Foxit PDF Editor < 2024.2.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.2.2. It is, therefore affected by vulnerability: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 110 vulnerabilities disclosed in 84...

CVE-2024-3711

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for...

(RHSA-2024:3304) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for...

openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0135-1 advisory. - update to version 0.26.2: * respect configuration for remote when fetching (also applies to pulling) * add : character to sign-off trailer...

RHEL 8 : vorbis-tools (RHSA-2024:3095)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3095 advisory. The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open,...

FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory. Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS...

RHEL 7 : libreoffice (RHSA-2024:3304)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor,...

Silverstripe admin XSS Vulnerability via WYSIWYG editor

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious...

Silverstripe admin XSS Vulnerability via WYSIWYG editor

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious...

(RHSA-2024:3265) Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For...

(RHSA-2024:3095) Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...

CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...

Moderate: vorbis-tools security update

The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...

Gitlab -- Vulnerabilities

Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match Redos...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) grafana: vulnerable to authorization bypass (CVE-2024-1313) For more...

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

Impact Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. Affected versions Umbraco CMS &gt;= 8.00 Patches This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing...

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

Impact Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. Affected versions Umbraco CMS &gt;= 8.00 Patches This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing...

CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by...

Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances

V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that should.....

CVE-2024-4372

The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...

CVE-2024-4372 Carousel Slider < 2.2.11 - Editor+ Stored XSS

The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting...

Object Injection

ezsystems/ezpublish-legacy is vulnerable to Object Injection. The vulnerability due to in the Legacy Shop module which allows an attacker with backend editor privileges to manipulate the discount rule...

Rocket LMS 1.9 Cross Site Scripting

...

Rocket LMS 1.9 - Persistent Cross Site Scripting Vulnerability

...

Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

...