OPENSUSE-SU-2021:1600-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 96.0.4664.110 boo1193713: CVE-2021-4098: Insufficient data validation in Mojo CVE-2021-4099: Use after free in Swiftshader CVE-2021-4100: Object lifecycle issue in ANGLE CVE-2021-4101: Heap buffer overflow in Swiftshader CVE-2021-4102:...

MGASA-2021-0565 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to 96.0.4664.110 version that fixes multiples security vulnerabilities. One of these CVEs is known to be actively exploited. Insufficient data validation in Mojo...

SourceCodester Vehicle Service Management System Cross-Site Scripting Vulnerability

Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System is a cross-site scripting vulnerability that could be exploited by an attacker through a lack of data validation filtering of user-supplied and output data in...

Genesys Workforce Management Cross-Site Scripting Vulnerability

Genesys Workforce Management is a workforce management system from Genesys, Inc. A cross-site scripting vulnerability exists in Genesys Workforce Management version 8.5.214.20, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the...

Verint Systems Verint Workforce Optimization Cross-Site Scripting Vulnerability

Verint Systems Verint Workforce Optimization WFO is a workforce performance management solution from Verint Systems, Inc. A cross-site scripting vulnerability exists in version 8.10048, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploi...

IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2021-101696)

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation of the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.IBM Business Automation Workflow has a cross-sit...

WordPress duoFAQ - Responsive, Flat, Simple FAQ plugin cross-site scripting vulnerability

duoFAQ - Responsive, Flat, Simple FAQ plugin is a WordPress open source application plugin. duoFAQ - Responsive, Flat, Simple FAQ plugin for WordPress suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of data validation filtering of user-supplied data and...

WordPress link-list-manager plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. link-list-manager plugin is a WordPress open source application plugin. WordPress link-list-manager plugin has a...

WordPress WooCommerce myghpay Payment Gateway plugin cross-site scripting vulnerability

The WooCommerce myghpay Payment Gateway plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in the WordPress WooCommerce myghpay Payment Gateway plugin, which stems from /processresponse. php's clientref parameter lacks a data validation filter for...

AbanteCart Cross-Site Scripting Vulnerability (CNVD-2021-101665)

AbanteCart is a PHP-based e-commerce platform. AbanteCart is vulnerable to a cross-site scripting vulnerability prior to 1.3.2, which stems from a lack of data validation filtering of user-supplied data and output. An attacker with file upload privileges could exploit this vulnerability to upload...

crocoblock JetEngine Cross-Site Scripting Vulnerability (CNVD-2022-05012)

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...

Dolibarr Cross-Site Scripting Vulnerability (CNVD-2022-05018)

Dolibarr is a modern software package that helps manage your organization's active applications. a cross-site scripting vulnerability exists in Dolibarr prior to 14.0.3, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

UiPath App Studio Cross-Site Scripting Vulnerability

UiPath App Studio is a low-code application development platform from UiPath, Inc. A cross-site scripting vulnerability exists in version 21.4.4 of UiPath App Studio, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability...

Yetiforcecrm Cross-Site Scripting Vulnerability

YetiForceCrm is an open source Crm system from the Polish company YetiForce. Yetiforcecrm suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code ...

WordPress Parsian Bank Gateway for Woocommerce plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Parsian Bank Gateway for Woocommerce plugin is a WordPress open source application plugin. WordPress Parsian Bank...

Google Chrome Loader data validation error vulnerability

Google Chrome is a web browser from Google, Inc. A data validation error vulnerability exists in the loader component of Google Chrome prior to version 96.0.4664.93. It allows remote attackers to compromise cross-domain data via crafted HTML pages...

Motorola Solutions Avigilon Cross-Site Scripting Vulnerability

Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions, U.S. A cross-site scripting vulnerability exists in Motorola Solutions Avigilon, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability...

WordPress Magic Post Voice plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. magic Post Voice plugin is a WordPress open source application plugin. the WordPress Magic Post Voice plugin has a...

WordPress WooCommerce EnvioPack plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.WooCommerce EnvioPack plugin is a WordPress open source application plugin.The WordPress WooCommerce EnvioPack plugin h...

Bus Pass Management System Cross-Site Scripting Vulnerability

Bus Pass Management System is a bus pass management system. v1.0 of Bus Pass Management System is vulnerable to a cross-site scripting vulnerability that stems from the lack of data validation filtering of user-supplied data and output in the parameters pagedes and About Us. An attacker could...