CNNVD
added 2024/09/16 12:00 a.m. · 2 views

Mattermost Mobile Apps Security Vulnerability

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.18.0 and prior versions, which stems from the inability to disable the autocomplete feature at login...

CVSS 6.5 · AI score 6.7 · EPSS 0.00226
Exploits 0 · References 2
Positive Technologies
added 2024/09/15 12:00 a.m. · 3 views

PT-2024-31799 · Mattermost +1 · Mattermost Mobile Apps +1

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions <=2.18.0. Description: The issue arises when the Mattermost Mobile Apps fail to disable autocomplete during login while typing the password and the visible password option is selected. This allows the password to...

CVSS 6.5 · AI score 7.4 · EPSS 0.00226
Exploits 0 · References 6
OSV
added 2024/07/11 2:34 a.m. · 4 views

MAL-2024-7587 Malicious code in sap-autocomplete (npm)

--- -= Per source details. Do not edit below this line. =- Source: ossf-package-analysis 7f4a03509d4086140817b69f8d133d16dfafc6e869e0322ac7e0a446c8015153. The OpenSSF Package Analysis project identified 'sap-autocomplete' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits 0
OSSF Malicious Packages
added 2024/07/11 2:34 a.m. · 3 views

Malicious code in sap-autocomplete (npm)

--- -= Per source details. Do not edit below this line. =- Source: ossf-package-analysis 7f4a03509d4086140817b69f8d133d16dfafc6e869e0322ac7e0a446c8015153. The OpenSSF Package Analysis project identified 'sap-autocomplete' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits 0
Cvelist
added 2024/06/13 7:53 a.m. · 23 views

CVE-2024-36233 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVSS 5.4 · EPSS 0.02635
Exploits 0 · References 1
The Hacker News
added 2024/05/28 6:30 a.m. · 10 views

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that is capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which...

AI score 7
Exploits 0
NVD
added 2024/05/14 3:38 p.m. · 10 views

CVE-2024-34349

Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute JavaScript code in the Admin panel. In order to perform an XSS attack, input a script into the Name field of one of the following resources: Taxons, Products, Product Options or Product Variants. The co...

CVSS 4.8 · AI score 6.1 · EPSS 0.00068
Exploits 0 · References 2
Veracode
added 2024/05/13 6:45 a.m. · 14 views

Cross-Site Scripting (XSS)

sylius/sylius is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization within autocomplete fields and the category tree in the Admin panel, which allows an attacker to insert arbitrary JavaScript into Name fields such as the Taxons, Products, Product...

CVSS 4.8 · AI score 6.4 · EPSS 0.00068
Exploits 0
Tenable Nessus
added 2024/05/11 12:00 a.m. · 21 views

RHEL 5 : zsh (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - zsh: buffer overrun in symlinks CVE-2017-18206 - In builtin.c in zsh before 5.4, when sh compatibility mo...

AI score 8.4 · EPSS 0.00671
Exploits 0 · References 6
Vulnrichment
added 2024/05/10 3:29 p.m. · 16 views

CVE-2024-34349 Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel

Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute JavaScript code in the Admin panel. In order to perform an XSS attack, input a script into the Name field of one of the following resources: Taxons, Products, Product Options or Product Variants. The co...

CVSS 4.8 · AI score 6.4 · EPSS 0.00068
Exploits 0 · References 2
OSV
added 2024/04/16 7:19 a.m. · 23 views

BIT-GITLAB-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 · AI score 6.5 · EPSS 0.00686
Exploits 1 · References 3
NVD
added 2024/04/12 1:15 a.m. · 12 views

CVE-2024-2279

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 · AI score 8.4 · EPSS 0.00686
Exploits 1 · References 2
OSV
added 2024/04/12 1:15 a.m. · 0 views

UBUNTU-CVE-2024-2279

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 · AI score 5.9 · EPSS 0.00686
Exploits 1 · References 2
Vulnrichment
added 2024/04/12 12:53 a.m. · 19 views

CVE-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 · AI score 8.3 · EPSS 0.00686
Exploits 1 · References 2
Cvelist
added 2024/04/12 12:53 a.m. · 19 views

CVE-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, and all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowin...

CVSS 8.7 · AI score 8.5 · EPSS 0.00686
Exploits 1 · References 2
Positive Technologies
added 2024/04/10 12:00 a.m. · 2 views

PT-2024-19565 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 16.8.6; GitLab CE/EE versions 16.9 through 16.9.3; GitLab CE/EE versions 16.10 through 16.10.1. Description: An issue has been discovered in GitLab CE/EE, where using the autocomplete for issues references...

CVSS 8.7 · AI score 6.6 · EPSS 0.00686
Exploits 1 · References 13
FreeBSD
added 2024/04/10 12:00 a.m. · 26 views

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; ReDoS on Integrations Chat Messages; ReDoS During Parse Junit Test Report...

CVSS 8.7 · AI score 6 · EPSS 0.00686
Exploits 2 · References 1
CNNVD
added 2024/04/02 12:00 a.m. · 2 views

WordPress plugin WPFront User Role Editor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 4.3 · AI score 8.3 · EPSS 0.0027
Exploits 0 · References 5
Veracode
added 2024/04/01 8:31 a.m. · 20 views

Cross-site Scripting (XSS)

EasyCorp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the 'item' argument in the Autocomplete function within the file assets/js/autocomplete.js of the Autocomplete component, leading to cross-site scripting (XSS) attacks...

CVSS 3.5 · AI score 5.6 · EPSS 0.00134
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/03/29 3:15 p.m. · 12 views

CVE-2024-3081

A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. T...

CVSS 5.4 · AI score 6.3
Exploits 0 · References 6