1115 matches found
CVE-2023-3845
A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajaxinvite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
mooSocial mooDating cross-site scripting vulnerability
mooSocial mooDating is a dating application from mooSocial. A cross-site scripting vulnerability exists in mooSocial mooDating version 1.2, which stems from a cross-site scripting (XSS) vulnerability in the file /friends/ajaxinvite...
PT-2023-26436 · Unknown · Moosocial Moodating
Name of the Vulnerable Software and Affected Versions: mooSocial mooDating version 1.2 Description: A problem was found in the file /friends/ajaxinvite of the component URL Handler, which can be exploited to perform cross site scripting. The attack can be launched remotely. Recommendations: For...
WordPress All in One Invite Codes Plugin < 1.1.11 is vulnerable to Cross Site Scripting (XSS)
Software: All in One Invite Codes. Type: Plugin. Vulnerable versions: 1.1.11. Fixed in: 1.1.11. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium 7.1. PSID: 070ddaecd3e9. Credits: Rafie Muhammad Patchstac...
Google Pixel buffer error vulnerability
Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing boundary check in inviteInternal of the p2piface.cpp file, which may result in an out-of-bounds read...
SUSE CVE-2023-32323
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
DEBIAN-CVE-2023-32323
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
CVE-2023-32323
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
PYSEC-2023-67
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
UBUNTU-CVE-2023-32323
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disable...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:PYSEC-2023-67...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:GHSA-F3WC-3VXV-XMVR...
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Impact A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. Details The Matrix protocol allows homeservers to provide an...
PT-2023-23730 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.73 Description: A malicious user on a Synapse homeserver with permission to create certain state events can disable outbound federation from one homeserver to another. This is possible due to the lack of...
Zulip security vulnerability
Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in versions prior to Zulip 6.2, which stems from the fact that if organizational privileg...
PT-2023-23953 · Unknown · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions 6.1 and below Description: Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who ca...
WWBN AVideo cross-site scripting vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo versions prior to 12.4, which stems from the ability for a regular user to create a meeting schedule where the user can invite other users to that meeting, but fail ...
Buffer Overflow
Kamailio is vulnerable to Buffer Overflow. Invite requests are incorrectly handled by the server, resulting in duplicated fields and an overlength tag, leading to a buffer overflow which crashes the server...
USN-6022-1 kamailio vulnerabilities
It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. CVE-2018-16657 It was discovered...