6680 matches found

Fedora
added 2024/03/07 10:33 p.m. · 21 views

[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

CVSS 8.8 · AI score 9.2 · EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:33 p.m. · 18 views

[SECURITY] Fedora 40 Update: gnulib-0-50.20230709git.fc40

The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your program s...

CVSS 8.8 · AI score 8.9 · EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:32 p.m. · 28 views

[SECURITY] Fedora 40 Update: apache-commons-io-2.13.0-8.fc40

Commons-IO contains utility classes, stream implementations, file filters, and endian classes. It is a library of utilities to assist with developing IO functionality...

CVSS 8.8 · AI score 6.8 · EPSS 0.02557
Exploits: 3

Prion
added 2024/03/07 9:15 p.m. · 19 views

Input validation

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wcaddnewproduct function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files...

CVSS 6.5 · AI score 8.2 · EPSS 0.01281
Exploits: 0 · References: 7

OSV
added 2024/03/07 4:15 a.m. · 4 views

CVE-2024-28096

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 5.4 · AI score 5.6 · EPSS 0.00367
Exploits: 0 · References: 2

Prion
added 2024/03/07 4:15 a.m. · 16 views

Cross site scripting

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 4.9 · AI score 6.3 · EPSS 0.00331
Exploits: 0 · References: 2

Prion
added 2024/03/07 4:15 a.m. · 13 views

Cross site scripting

Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 4.9 · AI score 6.1 · EPSS 0.00367
Exploits: 0 · References: 2

Vulnrichment
added 2024/03/07 3:21 a.m. · 10 views

CVE-2024-28097 Stored Cross-site Scripting in Calendar functionality in Schoolbox

Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 7.3 · AI score 6 · EPSS 0.00367
Exploits: 0 · References: 2

Cvelist
added 2024/03/07 3:21 a.m. · 27 views

CVE-2024-28097 Stored Cross-site Scripting in Calendar functionality in Schoolbox

Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 7.3 · AI score 7 · EPSS 0.00367
Exploits: 0 · References: 2

Vulnrichment
added 2024/03/07 3:18 a.m. · 15 views

CVE-2024-28096 Stored Cross-site Scripting in Class functionality in Schoolbox

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 7.3 · AI score 6 · EPSS 0.00367
Exploits: 0 · References: 2

Cvelist
added 2024/03/07 3:17 a.m. · 21 views

CVE-2024-28095 Stored Cross-site Scripting in News functionality in Schoolbox

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...

CVSS 7.3 · AI score 7 · EPSS 0.00331
Exploits: 0 · References: 2

Vulnrichment
added 2024/03/07 3:14 a.m. · 8 views

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records...

CVSS 8.8 · AI score 8.1 · EPSS 0.00552
Exploits: 0 · References: 2

Cvelist
added 2024/03/07 3:14 a.m. · 17 views

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records...

CVSS 8.8 · AI score 9.3 · EPSS 0.00552
Exploits: 0 · References: 2

CVE
added 2024/03/07 3:14 a.m. · 59 views

CVE-2024-28094

CVE-2024-28094 affects the Schoolbox application’s chat functionality prior to version 23.1.3. The issue is a blind SQL Injection that authenticated attackers can exploit to read, modify, and delete database records. Multiple sources confirm the vulnerability in Schoolbox before 23.1.3 and indica...

CVSS 8.8 · AI score 9.1 · EPSS 0.00552
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/03/07 12:00 a.m. · 6 views

PT-2024-22262 · Schoolbox · Schoolbox

Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3 Description: The issue concerns stored cross-site scripting in the news functionality, allowing an authenticated attacker to perform security actions in the context of affected users. Recommendations: For...

CVSS 7.3 · AI score 6.4 · EPSS 0.00331
Exploits: 0 · References: 4

Positive Technologies
added 2024/03/07 12:00 a.m. · 3 views

PT-2024-22263 · Schoolbox · Schoolbox

Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3 Description: The issue concerns stored cross-site scripting in the Class functionality of the Schoolbox application. This allows an authenticated attacker to perform security actions in the context of affect...

CVSS 7.3 · AI score 6.2 · EPSS 0.00367
Exploits: 0 · References: 4

OSV
added 2024/03/06 11:21 a.m. · 16 views

BIT-GITLAB-2020-26412

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2...

CVSS 4.3 · AI score 4.4 · EPSS 0.01003
Exploits: 0 · References: 3

OSV
added 2024/03/06 11:14 a.m. · 16 views

BIT-GITLAB-2022-3067

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...

CVSS 6.5 · AI score 6.3 · EPSS 0.00706
Exploits: 0 · References: 4

OSV
added 2024/03/06 11:09 a.m. · 13 views

BIT-SUITECRM-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality...

CVSS 5.3 · AI score 5.2 · EPSS 0.01771
Exploits: 0 · References: 6

OSV
added 2024/03/06 11:09 a.m. · 12 views

BIT-TYPO3-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

CVSS 4.3 · AI score 4.2 · EPSS 0.00581
Exploits: 0 · References: 3