1115 matches found
CVE-2023-44813
Cross Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function...
PT-2023-29301 · Moosocial · Moosocial
Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. This is a Cross Site Scripting XSS issue. Recommendations: For...
GitHub: Invite tokens have Insufficient entropy in GHES Management Console
An insufficient entropy vulnerability in GitHub Enterprise Server invitation tokens allowed brute force attacks against pending user invitations to the management console. This affected all versions since 3.8 and was fixed in 3.8.12, 3.9.7, 3.10.4, and 3.11.1...
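The entry above turns on how much guessing an invitation token affords. The following added example (not GitHub's code; the 8-character lowercase-alphanumeric "weak" format and the store layout are assumptions for illustration) works the brute-force arithmetic for a weak and a strong token, then mints and redeems tokens the way a management-console invite should: OS CSPRNG, single use, expiry, and only a hash of the token kept server-side.

```python
import hashlib
import math
import secrets
import time

# Added example, not GitHub Enterprise Server code. The weak-token format
# below is hypothetical; the snippet does not state how GHES tokens looked.

def token_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a token drawn uniformly from alphabet_size**length values."""
    return length * math.log2(alphabet_size)

def expected_guesses(bits: float) -> float:
    """Average guesses to hit one specific valid token: half the space."""
    return 2 ** (bits - 1)

def brute_force_seconds(bits: float, guesses_per_second: float, live_tokens: int = 1) -> float:
    """Expected wall-clock time for an online guessing attack.
    Any of the pending invitations is a hit, so many live tokens shrink the search."""
    return expected_guesses(bits) / (guesses_per_second * live_tokens)

WEAK_BITS = token_entropy_bits(36, 8)      # hypothetical: 8 chars from [a-z0-9], ~41 bits
STRONG_BITS = token_entropy_bits(256, 32)  # 32 bytes from the OS CSPRNG, 256 bits

def new_invite_token(nbytes: int = 32) -> str:
    """URL-safe token from secrets (CSPRNG), never from the random module."""
    return secrets.token_urlsafe(nbytes)

def _fingerprint(token: str) -> str:
    # Store only a hash: a leaked pending-invite table then yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class InviteStore:
    """Pending invitations keyed by token hash; single use and time-limited,
    so a guessed token must also land inside the validity window."""

    def __init__(self, ttl_seconds: int = 7 * 24 * 3600):
        self.ttl = ttl_seconds
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def issue(self, email: str, now: float = None) -> str:
        now = time.time() if now is None else now
        token = new_invite_token()
        self._pending[_fingerprint(token)] = (email, now + self.ttl)
        return token  # sent to the invitee once, never persisted in clear

    def redeem(self, presented: str, now: float = None):
        """Return the invited email on success, None for unknown/expired/used tokens."""
        now = time.time() if now is None else now
        entry = self._pending.pop(_fingerprint(presented), None)  # pop: single use
        if entry is None:
            return None
        email, expires_at = entry
        return email if now < expires_at else None
```

At 1,000 guesses per second the hypothetical 41-bit token falls in about 45 years for one target, but with 10,000 pending invitations the same rate finds one in under two days; the 256-bit token is out of reach at any rate. Rate limiting the redemption endpoint is still worth having, but it is the entropy that makes the attack infeasible rather than merely slow.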
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.92.2.0) +6 more potentially affected by CVE-2023-42453 via matrix-synapse (>=1.153.0 <=1.92.2)
matrix-synapse PYPI version =1.153.0, =0.1.1, =1.65.0.0, =0.1.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-42453 Source advisory: OSV:GHSA-7565-CQ32-VX2X...
CVE-2023-40019
CVE-2023-40019 (FreeSWITCH) affects versions prior to 1.10.10. During SDP re-negotiation, an authorized user can send a re-INVITE with duplicate codec names; the system may perform more codec matches than expected, causing overflows in internal arrays and potentially corrupting the stack, leading...
CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
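The FreeSWITCH entries describe an SDP offer whose codec list repeats names so that the matching loop produces more matches than the receiving array holds. The following added example (not FreeSWITCH code; the sample re-INVITE SDP is constructed, and the 16-codec cap is an assumed policy value) is the kind of pre-check a B2BUA or SBC can run on an incoming offer: it parses the m= and a=rtpmap lines and flags identical codec entries offered under more than one payload type, duplicate payload-type mappings, and offers longer than a configured cap.

```python
import re
from collections import Counter

# Added example, not FreeSWITCH code. Constructed re-INVITE offer: PCMU/8000
# is listed three times under payload types 0, 96 and 97.
SAMPLE_SDP_REINVITE = "\r\n".join([
    "v=0",
    "o=- 1 2 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 4000 RTP/AVP 0 8 96 97 98",
    "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:96 PCMU/8000",
    "a=rtpmap:97 PCMU/8000",
    "a=rtpmap:98 opus/48000/2",
])

# a=rtpmap:<payload type> <encoding name>/<clock rate>[/<channels>]
RTPMAP_RE = re.compile(r"^a=rtpmap:(\d+)\s+([^/\s]+)/(\d+)(?:/(\d+))?$")

def parse_media_sections(sdp: str):
    """Return one dict per m= section: media type, offered payload types,
    and the rtpmap entries as (pt, name, rate, channels) tuples."""
    sections = []
    current = None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()          # <media> <port> <proto> <fmt> ...
            current = {"media": fields[0], "payloads": fields[3:], "rtpmap": []}
            sections.append(current)
        elif current is not None:
            m = RTPMAP_RE.match(line)
            if m:
                pt, name, rate, channels = m.groups()
                current["rtpmap"].append((pt, name.lower(), int(rate), int(channels or 1)))
    return sections

def check_codec_offer(sdp: str, max_codecs: int = 16):
    """Return a list of findings; an empty list means the offer passes.
    max_codecs is an assumed deployment cap, not a FreeSWITCH constant."""
    findings = []
    for sec in parse_media_sections(sdp):
        media = sec["media"]
        # Same encoding name, clock rate and channel count under several payload types.
        # Keying on the full triple keeps legitimate offers such as
        # telephone-event/8000 next to telephone-event/16000 out of the findings.
        by_codec = {}
        for pt, name, rate, channels in sec["rtpmap"]:
            by_codec.setdefault((name, rate, channels), []).append(pt)
        for (name, rate, channels), pts in by_codec.items():
            if len(pts) > 1:
                findings.append(
                    f"{media}: codec {name}/{rate}/{channels} offered "
                    f"{len(pts)} times (payload types {', '.join(pts)})")
        # One payload type mapped to two different codecs.
        for pt, n in Counter(pt for pt, *_ in sec["rtpmap"]).items():
            if n > 1:
                findings.append(f"{media}: payload type {pt} mapped {n} times")
        # Bound the amount of matching work regardless of duplicates.
        if len(sec["payloads"]) > max_codecs:
            findings.append(
                f"{media}: {len(sec['payloads'])} payload types offered, cap is {max_codecs}")
    return findings
```

Rejecting such an offer with a 488 Not Acceptable Here before it reaches the codec negotiator is cheap and does not depend on the negotiator's internal array sizes; the cap handles the general case of an over-long offer, of which the duplicate-name trick is one instance.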
ChurchCRM SQL injection vulnerability
The NETGEAR R7100LG is a router from the American company NETGEAR: a hardware device that connects two or more networks and acts as a gateway between them. The NETGEAR R7100LG version 1.0.0.78 suffers from a command injection vulnerability that stems from the password parameter in...
CVE-2023-38928
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usbremoteinvite.cgi...
PT-2023-26691 · NetGear · Netgear R7100Lg
Name of the Vulnerable Software and Affected Versions: Netgear R7100LG version 1.0.0.78 Description: A command injection issue was discovered via the password parameter at the usbremoteinvite.cgi endpoint, allowing an attacker who can reach that endpoint to inject OS commands on the device. Recommendations: For Netgear R7100LG version...
Incorrect Authorization
GitLab is vulnerable to Incorrect Authorization. The vulnerability allows an attacker to gain access to a private project through an email invite by adding another user's email address as an unverified secondary email...
CVE-2023-37904
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
Design/Logic Flaw
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
CVE-2023-37904 Discourse Race Condition in Accept Invite
Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version...
PT-2023-26173 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.6 of the stable branch Discourse versions prior to 3.1.0.beta7 of the beta and tests-passed branches Description: Discourse is an open source discussion platform. The issue allows more users than permitted to b...
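The Discourse entries above describe a race in invite acceptance: more users than the invite's limit get created when several acceptances run concurrently. The following added example (not Discourse code; the Invite model is a constructed simplification) makes the interleaving reproducible with a barrier so that every thread passes the "is there room left?" check before any of them records a redemption, then shows the same flow with the check and the increment in one critical section.

```python
import threading

# Added example, not Discourse code. A constructed invite model with a
# redemption limit; the barrier forces the losing interleaving on purpose.

class Invite:
    def __init__(self, max_redemptions: int):
        self.max_redemptions = max_redemptions
        self.redemptions = 0
        self._lock = threading.Lock()

    def redeem_racy(self, gate: threading.Barrier) -> bool:
        """Check-then-act with nothing holding the two steps together."""
        allowed = self.redemptions < self.max_redemptions   # every thread reads 0
        gate.wait()            # all threads have checked; none has written yet
        if not allowed:
            return False
        self.redemptions += 1  # every thread now passes, regardless of the limit
        return True

    def redeem_safe(self, gate: threading.Barrier) -> bool:
        """Check and increment inside one critical section."""
        gate.wait()            # same concurrency; the lock serialises the decision
        with self._lock:
            if self.redemptions >= self.max_redemptions:
                return False
            self.redemptions += 1
            return True

def run_concurrent(invite: Invite, method_name: str, n_threads: int) -> int:
    """Let n_threads redeem the same invite at once; return how many succeeded."""
    gate = threading.Barrier(n_threads)
    results = []
    results_lock = threading.Lock()

    def worker():
        ok = getattr(invite, method_name)(gate)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

if __name__ == "__main__":
    print("racy:", run_concurrent(Invite(max_redemptions=2), "redeem_racy", 8), "of 8 admitted")
    print("safe:", run_concurrent(Invite(max_redemptions=2), "redeem_safe", 8), "of 8 admitted")
```

An in-process lock only covers one server process. Where acceptances are handled by several workers against a shared database, the equivalent of the critical section is a row lock (SELECT ... FOR UPDATE) around the check and update, or a single conditional statement such as UPDATE invites SET redemptions = redemptions + 1 WHERE id = ? AND redemptions < max_redemptions, treating a zero affected-row count as "limit reached".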
Stored XSS at Guest Lobby
Description: Guest Lobby is vulnerable to XSS while users wait to enter the meeting, because unsanitized messages are inserted into the element via unsafe innerHTML. Proof of Concept: 1. Start a new web conference and change the Guest policy to "Ask Moderator" (moderator role). 2. The attacker edits the "Message to the...