151 matches found

OSV · added 2022/08/05 12:00 a.m. · 1 views

GHSA-JP3M-P26H-MM7V Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

CVSS 8.8 · AI score 5.9 · EPSS 0.01072 · Exploits 0 · References 3
ATTACKERKB · added 2022/08/04 7:15 a.m. · 0 views

CVE-2022-34158

A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

CVSS 8.8 · AI score 7.2 · EPSS 0.01072 · Exploits 0 · References 2
Prion · added 2022/08/04 7:15 a.m. · 18 views

Cross-site request forgery (CSRF)

A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

CVSS 6.8 · AI score 8.9 · EPSS 0.01072 · Exploits 0 · References 1 · Affected Software 1
CVE · added 2022/08/04 6:16 a.m. · 86 views

CVE-2022-34158

CVE-2022-34158 affects Apache JSPWiki prior to 2.11.3, where a crafted invocation on the Image plugin can trigger a CSRF vulnerability. This could allow group privilege escalation of the attacker's account and, per the description, could also be used to modify the attacked account's email and the...

CVSS 8.8 · AI score 8.9 · EPSS 0.01072 · Exploits 0 · References 1 · Affected Software 1
Github Security Blog · added 2022/05/14 12:56 a.m. · 41 views

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

The Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1 (fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a...

CVSS 6.1 · AI score 6.2 · EPSS 0.0178 · Exploits 0 · References 8 · Affected Software 3
OSV · added 2022/05/14 12:56 a.m. · 28 views

GHSA-G78H-PF65-46RV Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)

The Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1 (fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a...

CVSS 6.1 · AI score 6.3 · EPSS 0.0178 · Exploits 0 · References 7
BDU FSTEC · added 2022/03/28 12:00 a.m. · 1 views

A vulnerability in the plugin for viewing RAW images, related to improper control of code generation, allows an attacker to execute arbitrary code.

The vulnerability in the plugin for viewing RAW images is related to improper control of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.7 · EPSS 0.02131 · Exploits 0 · References 5 · Affected Software 1
BDU FSTEC · added 2022/03/28 12:00 a.m. · 2 views

A vulnerability in the plugin for viewing RAW images, related to improper control of code generation, allows an attacker to execute arbitrary code.

The vulnerability in the plugin for viewing RAW images is related to improper control of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 8.2 · EPSS 0.01732 · Exploits 0 · References 3 · Affected Software 1
NVD · added 2022/03/10 5:42 p.m. · 12 views

CVE-2021-33851

A cross-site scripting (XSS) attack can cause arbitrary JavaScript code to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

CVSS 5.4 · EPSS 0.01318 · Exploits 1 · References 1
Cvelist · added 2022/03/09 4:54 p.m. · 13 views

CVE-2021-33851

A cross-site scripting (XSS) attack can cause arbitrary JavaScript code to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

AI score 5.5 · EPSS 0.01318 · Exploits 1 · References 1
Positive Technologies · added 2021/11/02 12:00 a.m. · 4 views

PT-2021-24351 · Tinymce · Tinymce

Vulnerable software and affected versions: TinyMCE versions prior to 5.10.0. Description: A cross-site scripting vulnerability was discovered in the URL processing logic of the image and link plugins, allowing arbitrary JavaScript execution when updating an image or link using a...

CVSS 6.1 · AI score 6 · EPSS 0.00956 · Exploits 1 · References 20
OSV · added 2021/06/02 3:15 p.m. · 1 views

DEBIAN-CVE-2021-28675

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

CVSS 5.5 · AI score 5.7 · EPSS 0.00964 · Exploits 0 · References 1
PyPA · added 2021/06/02 3:15 p.m. · 8 views

PYSEC-2021-139

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load...

CVSS 5.5 · AI score 6.8 · EPSS 0.00964 · Exploits 0 · References 3 · Affected Software 1
OSV · added 2021/05/10 12:00 a.m. · 1 views

UBUNTU-CVE-2021-28678

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

CVSS 5.5 · AI score 6.2 · EPSS 0.00735 · Exploits 0 · References 4
BDU FSTEC · added 2020/11/24 12:00 a.m. · 1 views

A vulnerability in the plugin for viewing RAW images, related to data being written outside the buffer boundaries (an out-of-bounds write), allows an attacker to execute arbitrary code.

The vulnerability in the plugin for viewing RAW images is related to memory operations outside the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8 · EPSS 0.02693 · Exploits 0 · References 3 · Affected Software 1
OSV · added 2020/04/01 4:36 p.m. · 0 views

GHSA-5GM3-PX64-RW72 Uncontrolled Resource Consumption in Pillow

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...

CVSS 8.7 · AI score 6.7 · EPSS 0.02118 · Exploits 0 · References 9
OSV · added 2020/01/05 10:15 p.m. · 1 views

PYSEC-2020-191

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux...

AI score 5.9 · Exploits 0 · References 4
Positive Technologies · added 2020/01/05 12:00 a.m. · 5 views

PT-2020-5160 · Python Imaging Library +1 · Pillow +1

Vulnerable software and affected versions: Pillow versions prior to 6.2.2. Description: The issue is caused by the FpxImagePlugin.py file calling the range function on an unvalidated 32-bit integer, which can lead to a denial of service (DoS) if the number of bands is large. On Windows...

CVSS 9.8 · AI score 7.2 · EPSS 0.99856 · Exploits 28 · References 170
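The three Pillow entries above describe one class of bug from three angles: a PSD layer count never compared against the size of the data block, BLP reads after a seek that are not checked for returning empty data, and FPX calling range() on an unvalidated 32-bit band count. Each amounts to trusting a count or size field taken from the file. The block below is an added example, not Pillow's code or anything from the advisories: it parses a toy container format constructed for this page (the TOYI magic, the header layout, LAYER_RECORD_SIZE and MAX_BANDS are all assumptions) and applies the three checks, so that each malformed header is rejected with a specific error instead of driving a loop, an allocation or repeated decoder runs from the attacker's number.

```python
import io
import struct

# Toy container constructed for this example (not a real image format):
# magic(4) | data_block_size(u32) | layer_count(u32) | band_count(u32), then the data block.
HEADER = struct.Struct(">4sIII")
MAGIC = b"TOYI"
LAYER_RECORD_SIZE = 8   # assumed: each layer record is width(u32) | height(u32)
MAX_BANDS = 64          # assumed hard cap on bands; a real decoder derives this from the mode


class ImageError(ValueError):
    """Raised for any malformed input; callers see one exception type, never a hang."""


def read_exact(fp, n):
    """Read exactly n bytes or fail. A seek past EOF succeeds silently and the
    following read returns b''; treating that as data is the BLP pattern."""
    data = fp.read(n)
    if len(data) != n:
        raise ImageError(f"truncated read: wanted {n} bytes, got {len(data)}")
    return data


def parse_header(fp):
    magic, block_size, layers, bands = HEADER.unpack(read_exact(fp, HEADER.size))
    if magic != MAGIC:
        raise ImageError("bad magic")
    # PSD pattern: the declared layer count must fit in the declared data block.
    # Python ints do not overflow, so the product is safe to compute before comparing.
    if layers * LAYER_RECORD_SIZE > block_size:
        raise ImageError(f"{layers} layers cannot fit in a {block_size}-byte data block")
    # FPX pattern: bound the band count before anything calls range() on it.
    if not 1 <= bands <= MAX_BANDS:
        raise ImageError(f"band count {bands} out of range")
    return block_size, layers, bands


def parse_layers(fp, block_start, layers):
    records = []
    for i in range(layers):                       # layers is already bounded by block_size
        fp.seek(block_start + i * LAYER_RECORD_SIZE)
        width, height = struct.unpack(">II", read_exact(fp, LAYER_RECORD_SIZE))
        records.append((width, height))
    return records


def open_image(data):
    """Parse a byte string; returns the decoded header info or raises ImageError."""
    fp = io.BytesIO(data)
    block_size, layers, bands = parse_header(fp)
    return {"bands": bands, "layers": parse_layers(fp, HEADER.size, layers)}


def build(layers, bands, block_size=None, records=None):
    """Constructed sample input. With no overrides it is well-formed; block_size and
    records let a caller forge a header that disagrees with the bytes that follow."""
    if records is None:
        records = [(1, 1)] * layers
    body = b"".join(struct.pack(">II", w, h) for w, h in records)
    if block_size is None:
        block_size = len(body)
    return HEADER.pack(MAGIC, block_size, layers, bands) + body


def check(data):
    """None if the file opens cleanly, otherwise the rejection reason."""
    try:
        open_image(data)
        return None
    except ImageError as e:
        return str(e)


if __name__ == "__main__":
    print(check(build(2, 3)))                                                # None
    print(check(build(0xFFFFFFFF, 3, block_size=16, records=[(1, 1)] * 2)))  # PSD pattern
    print(check(build(1, 0xFFFFFFFF)))                                       # FPX pattern
    print(check(build(2, 3, block_size=16, records=[(1, 1)])))               # BLP pattern
```

The order of the checks matters: the layer count is validated against the block size in the header before any loop runs, the band count is capped before it reaches range(), and every read after a seek goes through read_exact, so a header that passes the first two checks but points past the end of the file fails on the first missing record rather than iterating over empty data.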
Tenable Nessus · added 2018/11/05 12:00 a.m. · 34 views

Drupal 8.x < 8.4.7 Enhanced Image Plugin XSS

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 6.1 · AI score 6 · EPSS 0.0178 · Exploits 0 · References 3
Tenable Nessus · added 2018/11/05 12:00 a.m. · 27 views

Drupal 8.5.x < 8.5.2 Enhanced Image Plugin XSS

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 6.1 · AI score 6 · EPSS 0.0178 · Exploits 0 · References 3