Code injection
The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account...
CVE-2021-3109
CVE-2021-3109 affects SolarWinds Orion Platform; the issue is a Reverse Tabnabbing and open redirect vulnerability in the custom menu item options page that exists before version 2020.2.5. Exploitation requires an Orion administrator account and access is via the custom menu item options page. Th...
Cross-site Scripting (XSS)
typo3/cms-backend is vulnerable to cross-site scripting. An authenticated malicious user is able to inject and execute malicious script via the content elements of type menu when their referenced items get previewed in the page module...
Cross-Site Scripting in Content Preview (CType menu)
Problem: It has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution: Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25,...
GHSA-X7HC-X7FM-F7QH Cross-Site Scripting in Content Preview (CType menu)
Problem: It has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution: Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25,...
Intermittently Users Are Unable to Access Start Menu After Citrix Workspace Environment Management Application Security Rules Are Applied
Start menu is intermittently inaccessible after applying default/custom rules...
PT-2021-14453 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.51; TYPO3 versions prior to 8.7.40; TYPO3 versions prior to 9.5.25; TYPO3 versions prior to 10.4.14; TYPO3 versions prior to 11.1.1. Description: The issue concerns content elements of type menu being vulnerable to...
How to enable Facebook’s hardware key authentication for iOS and Android
Since 2017, desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS, which is vulnerable to SIM swap...
[SECURITY] Fedora 34 Update: kmenuedit-5.21.3-1.fc34
KDE menu editor...
Cross-Site Scripting in Content Preview
It has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability...
WordPress food-and-drink-menu plugin deserialization code execution vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. food-and-drink-menu plugin is a plugin for WordPress. A security vulnerability exists in WordPress...
CVE-2020-29045
The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
WordPress code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. food-and-drink-menu plugin is a plugin for WordPress. A security vulnerability exists in WordPress...
WordPress Five Star Restaurant Menu plugin <= 2.2.0 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Nick Blundell in WordPress Five Star Restaurant Menu plugin (versions <= 2.2.0). Solution: Update the WordPress Five Star Restaurant Menu plugin to the latest available version (at least 2.2.1)...
Five Star Restaurant Menu < 2.2.1 - Unauthenticated PHP Object Injection
The plugin unserialised the fdm_cart cookie value without any sanitisation or validation first, when the Ordering setting of the plugin was enabled, leading to a PHP object injection which could lead to RCE...
Oracle Linux 8 : grub2 (ELSA-2021-0696)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0696 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 Tenable has extracted the preceding description block directly from the Oracle Linux...
grub2 security update
2.02-0.87.0.8.e7.2 - Enable common subpackage for aarch64 - Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec - add SBAT metadata for Oracle Linux grub2 - Use similar format for menu entry in grub environment block - config file. Orabug: 32172943 - Fix...
ALPINE-CVE-2021-20233
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one...
KB5001412: Setup Dynamic Update for Windows 10, version 2004 and 20H2: April 27, 2021
KB5001412: Setup Dynamic Update for Windows 10, version 2004 and 20H2: April 27, 2021. Summary: This update makes improvements to Setup binaries or any files that Setup uses for feature updates in Windows 10, version 2004 and 20H2. This update also addresses an issue in which the user is shown...