59 matches found
CGA-CP2F-7787-PHCR
Bulletin has no description...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Libxslt vulnerabilities (USN-7787-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7787-1 advisory. Ivan Fratric discovered that Libxslt did not correctly handle certain memory operations. An attacker could possibly use this issu...
CVE-2025-7787
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch...
cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +226 more potentially affected by CVE-2025-7787 via com.xuxueli:xxl-job-core (>=1.8.2 <=3.1.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2025-7787 Source advisory: OSV:GHSA-F8VW-8VGH-22R9...
CVE-2025-7787
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch...
CVE-2024-7787
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects vSRM Supplier Relationship Management System: before...
CVE-2024-7787
creationtimestamp| type| source
---|---|---
2024-11-14 08:24:55+00:00| seen| https://infosec.exchange/users/cve/statuses/113480348162213077
2024-11-14 10:47:50+00:00| seen| https://t.me/cvedetector/10909...
CVE-2024-7787 Reflected XSS in ITG Computer Technology's vSRM Supplier Relationship Management System
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects vSRM Supplier Relationship Management System: before...
CVE-2024-7787
CVE-2024-7787 is a Reflected XSS vulnerability in ITG Computer Technology’s vSRM Supplier Relationship Management System, due to improper input neutralization during web page generation. Affected versions are before 28.08.2024. The issue is documented across multiple sources (NVD, CVE List, Red H...
GHSA-7787-P7X6-FQ3J
creationtimestamp| type| source
---|---|---
2023-12-31 14:11:18+00:00| seen| https://t.me/ctinow/161086...
SUSE CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user...
Mageia: Security Advisory (MGASA-2017-0473)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0303)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Security Advisory (MFSA2017-18) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
SUSE: Security Advisory (SUSE-SU-2017:2302-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2589-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
@joshmccall/atomic-stories (>=0.0.0-semantically-released <=1.9.5), abmcontent (=0.1.0) +3 more potentially affected by CVE-2020-7787 via react-adal (>=0.3.15 <=0.4.24)
react-adal NPM version =0.3.15, =0.0.0-semantically-released, =0.1.0, =0.1.3 - widgettestcomponent =0.1.0 Source cves: CVE-2020-7787 Source advisory: OSV:GHSA-7MPX-VG3C-CMR4...
CVE-2020-7787
creationtimestamp| type| source
---|---|---
2020-12-09 20:32:47+00:00| seen| https://t.me/cibsecurity/17998
2020-12-09 20:35:49+00:00| seen| https://t.me/cibsecurity/18018
2020-12-09 20:44:41+00:00| seen| https://t.me/cibsecurity/18037
2020-12-09 21:02:26+00:00| seen| https://t.me/cibsecurity/180...
CVE-2020-7787
CVE-2020-7787 affects all versions of react-adal. The root cause is in how nonce/session/refresh values are stored in browser storage: values are appended with ||, which means an empty string can be accepted in the validation, allowing an attacker-generated JWT to be treated as authentic. Affecte...