
4 matches found

Github Security Blog
added 2023/12/08 3:15 p.m., 19 views

Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor

From HackerOne report 1948040 by Halit AKAYDIN (hltakydn). Impact: What kind of vulnerability is it? Who is impacted? The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags. Patches: Has the problem been patched? What versions should users upgrade to?...

5.9 AI score
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2022/05/20 7:15 p.m., 13 views

Cross site scripting

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...

4.3 CVSS, 6 AI score, 0.00465 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/05/20 7:10 p.m., 15 views

CVE-2022-29183 Reflected XSS in GoCD

GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...

4.3 CVSS, 6 AI score, 0.00465 EPSS
Exploits: 0, References: 6
CNVD
added 2020/10/23 12:0 a.m., 1 views

Unspecified Vulnerability in Oracle GraalVM Enterprise Edition

Oracle GraalVM Enterprise Edition is a multilingual virtual machine based on Oracle's Enterprise Java SE. A security vulnerability exists in the Java component in Oracle GraalVM Enterprise Edition 19.3.3, 20.2.0. An attacker could exploit this vulnerability to gain unauthorized read access to a...

5.3 CVSS, 7.3 AI score, 0.00041 EPSS
Exploits: 0, References: 1