71 matches found
CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...
CVE-2022-4666
The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
Cross site scripting
The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
CVE-2022-4666
CVE-2022-4666 affects the WordPress plugin Markup (JSON-LD) structured in schema.org up to version 4.8.1. The issue is unvalidated/unescaped shortcode attributes that can lead to Stored XSS when embedded in pages/posts by users with contributor role or higher. The connected documents confirm the ...
WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Markup JSON-LD structured in schema.org; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: N/A; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4666; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: f683250d0657...
CVE-2022-24307
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
Design/Logic Flaw
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0...
CVE-2022-24307
Mastodon prior to 3.3.2 and 3.4.x prior to 3.4.6 suffers from an access-control weakness due to not compacting incoming signed JSON-LD activities, despite JSON-LD signing being supported since 1.6.0. This affects versions 1.6.0–3.3.2 and 3.4.x–3.4.5, enabling potential improper access handling as...
PT-2022-16596 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 1.6.0 through 3.3.2; Mastodon versions 3.4.x through 3.4.5. Description: The issue is related to incorrect access control due to the failure to compact incoming signed JSON-LD activities. JSON-LD signing has been supported sin...