28 matches found
Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.10, and in versions 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
CVE-2023-3837
A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/syssqlquery.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be use...
CVE-2025-0147
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access...
Zoom Workplace Desktop App < 6.2.10 Privilege Escalation (ZSB-25006)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.2.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25006 advisory. - Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalatio...
K000148809: Qt vulnerabilities CVE-2023-38197 and CVE-2023-37369
Security Advisory Description CVE-2023-38197 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2,...
WordPress plugin Advanced Custom Fields PRO Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability previously...
privilege escalation bug to edit survey
BUG ======== normal user can edit any survey AFFECTED VERSION ============ 6.2.10 SUMMARY ========== normal user has view permission in survey. But still that user can edit the survey by adding that survey to his own group. STEP TO REPRODUCE ================= 1. There is already a superadminuser-...
Two Qt security advisories: GDI Font Engine & WebP image format
An issue on Windows with the GDI font engine has been reported and has been assigned the CVE id CVE-2023-43114. When corrupt font data is passed to the GDI font engine via QFontDatabase::addApplicationFontFromData then it can trigger a crash in the application. Solution: As a workaround, validate...
DedeBIZ Cross-Site Scripting Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which stems from the Article Handler component and can lead to cross-site scripting. No detailed vulnerability details a...
CVE-2023-4170
A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public a...
Cross site scripting
A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public a...
CVE-2023-4170
DedeBIZ 6.2.10 is affected, with the Article Handler component enabling cross-site scripting. The issue is exploitable remotely and is publicly disclosed (CVE-2023-4170, VDB-236186). Red Hat/EUVD/CNVD/CVE records corroborate XSS in this version. Root cause detail is not disclosed in the documents...
PT-2023-28055 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.10 Description: A vulnerability was found in the Article Handler component, which can be exploited to lead to cross site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure...
DedeBIZ Cross-Site Scripting Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which stems from the Article Handler component and can lead to cross-site scripting. No detailed vulnerability details a...
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.
...
CVE-2023-3838
A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/voteedit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and...
CVE-2023-3839
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/syssqlquery.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of...
SQL injection
A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/syssqlquery.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of...
CVE-2023-3838 DedeBIZ vote_edit.php cross site scripting
A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/voteedit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and...