Gwyn's Imagemap Selector Security Vulnerabilities

grapesjs before 0.19.5 vulnerable to Cross-site Scripting

The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

CVE-2022-21802

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

CVE-2022-21802

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

CVE-2022-21802

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

Cross site scripting

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

Exploit for CVE-2022-32832

CVE-2022-32832 Proof-of-concept and write-up for the...

Cross-site Scripting (XSS)

oro/commerce is vulnerable to cross-site scripting. The vulnerability exists through the grapesjs dependency used in the library as it does not properly validate the class name in ClassTagView.ts when it adds to the selector manager, allowing an attacker to inject and execute malicious...

Security update for the Linux Kernel (important)

An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

CVE-2022-21802 Cross-site Scripting (XSS)

The package grapesjs before 0.19.5 are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...

TZInfo relative path traversal vulnerability allows loading of arbitrary files

Impact Affected versions 0.3.60 and earlier. 1.0.0 to 1.2.9 when used with the Ruby data source (tzinfo-data). Vulnerability With the Ruby data source (the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions), time zones are defined in Ruby files. There is one...

TZInfo relative path traversal vulnerability allows loading of arbitrary files

Impact Affected versions 0.3.60 and earlier. 1.0.0 to 1.2.9 when used with the Ruby data source (tzinfo-data). Vulnerability With the Ruby data source (the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions), time zones are defined in Ruby files. There is one...

Exploit for CVE-2022-32832

CVE-2022-32832 Proof-of-concept and write-up for the...

TZInfo relative path traversal vulnerability allows loading of arbitrary files

Impact Affected versions 0.3.60 and earlier. 1.0.0 to 1.2.9 when used with the Ruby data source (tzinfo-data). Vulnerability With the Ruby data source (the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions), time zones are defined in Ruby files. There is one...

OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

Impact Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager Relates to https://github.com/artf/grapesjs/issues/4411 Patch Update GrapeJS dependency to...

OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

Impact Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager Relates to https://github.com/artf/grapesjs/issues/4411 Patch Update GrapeJS dependency to...

delegatecall() modify merkleRoot, vault may lose all

Lines of code https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/Vault.sol#L86 https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/Vault.sol#L131 Vulnerability details Impact If the vault contract...

Buyout Module: ethBalance is not properly updated

Lines of code Vulnerability details Impact HIGH - Assets can be stolen directly. An attacker can steal eth from buyout module Proof of Concept proof of concept1: testCashShare_poc proof of concept2: testCashRepeat_poc The proof of concept1 shows that the same amount of fractions will result in...

Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying....

Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying....

Security update for python310 (important)

An update that fixes one vulnerability is now available. Description: This update for python310 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.10.5: Core and Builtins gh-93418: Fixed an assert where an f-string has an...

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors. The following example shows how an attacker can exfiltrate....

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors. The following example shows how an attacker can exfiltrate....

Security update for python39 (important)

An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python39 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.9.13: Core and Builtins...

WEF - Wi-Fi Exploitation Framework

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, bluetooth hacking and much more. I recommend you my alfa adapter: Alfa AWUS036ACM, which works really great with both, 2.4 and 5 Ghz Tested and supported in...

Malicious code in ride-mode-selector (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (eeae94f35343e850853d2bd800623b392ca6eb1219179421042cf127de2082be) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any webapplication (including gmail) by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate.....

Node DOS by way of memory exhaustion through ExecSync request in CRI-O

Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk....

Node DOS by way of memory exhaustion through ExecSync request in CRI-O

Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk....

(RHSA-2022:4919) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes...

(RHSA-2022:4918) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 (Moderate) (RHSA-2022:4918)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4918 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8 (Moderate) (RHSA-2022:4919)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4919 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

execute() and executeWithBatch1155() functions are susceptible to DoS

Lines of code https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L117-L148 Vulnerability details Impact execute() and executeWithBatch1155() are external functions. Both functions run for loops, boundary of which are determined by the function arguments......

execute() and executeWithBatch1155() functions are susceptible to DoS

Lines of code https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L117-L148 Vulnerability details Impact execute() and executeWithBatch1155() are external functions. Both functions run for loops, boundary of which are determined by the function arguments......

Voting tokens may be lost when given to non-EOA accounts

Lines of code https://github.com/code-423n4/2022-05-velodrome/blob/7fda97c570b758bbfa7dd6724a336c43d4041740/contracts/contracts/VotingEscrow.sol#L378-L406 Vulnerability details Impact veNFTs may be sent to contracts that cannot handle them, and therefore all rewards and voting power, as well as...

WordPress Imagemap Selector plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Imagemap Selector plugin, which stems from...

MediaWiki makeCollapsible allows applying event handler to any CSS selector

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

MediaWiki makeCollapsible allows applying event handler to any CSS selector

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site...

CVE-2022-1221

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site...

Cross site scripting

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site...

CVE-2022-1221 Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-0071328464)

The remote host is missing an update for...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-e9b2e1c1ac)

The remote host is missing an update for...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-0e5d64ce65)

The remote host is missing an update for...

[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-3.fc35

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the chan ge to using correct CSS and...

[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.6-1.fc36

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the chan ge to using correct CSS and...

[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-3.fc34

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the chan ge to using correct CSS and...

virt:ol and virt-devel:ol security, bug fix, and enhancement update

hivex [1.3.18-23] - Limit recursion in ri-records (CVE-2021-3622) resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf...

Improper Restriction of XML External Entity Reference in Apache ActiveMQ

XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown...