5 matches found
GHSA-C2F9-4JMM-V45M Shopware's session is persistent in Cache for 404 pages
Impact: The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, 404 pages are cached to improve their performance. So the cached Response contains a Session Cookie when the browser accessing the 404 page has no cookies yet. The...
Shopware's session is persistent in Cache for 404 pages
Impact: The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, 404 pages are cached to improve their performance. So the cached Response contains a Session Cookie when the browser accessing the 404 page has no cookies yet. The...
CVE-2021-28626
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service...
CVE-2021-28625 Adobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jsp
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...
CVE-2021-28626
CVE-2021-28626 affects Adobe Experience Manager Cloud Service and AEM versions 6.5.8.0 and below, via an Improper Authorization flaw that lets unauthenticated attackers create nodes under a location, potentially causing application denial-of-service. The issue does not require user interaction. Publ...