ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected

ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide...

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

Linux Distros Unpatched Vulnerability : CVE-2024-43788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packagi...

DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS

Hi, Rspack|Webpack developer team! Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an...

GHSA-84JW-G43V-8GJM DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS

Hi, Rspack|Webpack developer team! Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an...

PT-2024-40181 · Webpack · Webpack

Name of the Vulnerable Software and Affected Versions: Webpack versions affected versions not specified Description: A DOM Clobbering vulnerability was discovered in Webpack's AutoPublicPathRuntimeModule, which can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled...

SUSE CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack's...

GHSA-4VVJ-4CPR-P986 Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

UBUNTU-CVE-2024-43788

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s...

BIT-CANVASLMS-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

BIT-CANVASLMS-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

VulnCheck KEV: CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

Design/Logic Flaw

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

Instruction Canvas LMS 信息泄露漏洞

Canvas LMS is an open source learning management system from Instructure Open Source. Instruction Canvas LMS has a security vulnerability that stems from not properly denying access to locked or unreleased files...

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...