172 matches found
Leaking password protected articles content due to improper access control
Description Any user who can publish their article can protect it using a password before publishing. So, a valid password to the article is required to view the contents of the article. But when a request is made to article /2022/04/10/ the UI show it requires a password to view content. But the...
CVE-2022-21678 User's bio visible even if profile is restricted in Discourse
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...
CVE-2022-21678
Discourse suffers an information disclosure vulnerability: before specific patch levels, bios (or profile bios) of users with private profiles were exposed in the page meta data, exposing private user information. Affected software: Discourse. Affected versions include prior to 2.8.0.beta11 in th...
PT-2022-15030 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.0.beta11 in the tests-passed branch Discourse versions prior to 2.8.0.beta11 in the beta branch Discourse versions prior to 2.7.13 in the stable branch Description: The bios of users who made their profiles...
CVE-2022-37421 - Stored XSS in custom meta tags
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37421...
Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Description Hello. ForkCMS does not properly sanitize the website's TITLE when it is imported into the meta tags. Proof of Concept If we set the page title to something like this: Home - Hi'"script src=//xss/scriptx="99\r\n%0A%09%0Dsvg\onload=confirm1 It gets reflected back here: "" Impact This...
Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags
More info at https://phabricator.wikimedia.org/T279451...
Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags
More info at https://phabricator.wikimedia.org/T279451...
Fast-Security-Scanners - Security Checks For Your Researches
A small contribution to community : We use all these tools in security assessments and in our vulnerability monitoring service Check your domain for DNS NStakeover Repo docker run --dns=8.8.8.8 -e VULNID=dnsnstakeover -e DOMAIN=site.com whitespots/dnsnstakeover CachePoisoning Repo docker run --rm...
CVE-2020-26211
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...
DRUPAL-CONTRIB-2019-058
This module enables you to customize meta tags to help with a site's search engine ranking and improve the display of page summaries when shared on social networks. The module doesn't sufficiently check for a site being in maintenance mode. This vulnerability is mitigated by the fact that the sit...
Meta tags quick - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-057
Metatags quick is a module that manages meta tags tags that appear in HTML's head section as Drupal 7 fields. Administration page of metatags quick does not sanitize the output of blocks that appear on the same page. This allows an attacker to inject malicious JavaScript in block markup. This...
Session fixation
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
CVE-2018-5118
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...
CVE-2017-7837
SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox 57...
Code injection
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the...
CVE-2016-10569
The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...
HackerOne: Partial disclosure of undisclosed programs through <meta> tags
Summary Report pages contain tags that contains the description of the report. New browsers create thumbnails of recently visited pages that that display the content of the tags. Since the meta tags contain the contents of report, private report contents are partially disclosed. Description Moder...