555 matches found
Advisory ROSA-SA-2024-2515
Software: httpd 2.4.6; OS: rosa-server79; packageevrstring: httpd-2.4.6-99.0.5.res7.1; CVE-ID: CVE-2021-26690; BDU-ID: 2021-03681; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an...
A vulnerability in the Docker Desktop platform for developing and delivering container applications stems from the lack of mechanisms for encoding or escaping output data. It allows attackers to execute arbitrary code.
A vulnerability in the Docker Desktop platform for developing and delivering container applications is related to the lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing it through an...
BIT-LIMESURVEY-2024-28710
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...
Cross-site Scripting (XSS)
limesurvey/limesurvey is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation and output encoding in the Alert Widget's message component...
LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...
GHSA-632Q-77QJ-C89Q LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...
CVE-2024-28710
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...
PT-2024-22532 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 6.5.0+240319. Description: The issue is related to a Cross Site Scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code. This is due to a lack of input validation and output encoding in...
LimeSurvey security vulnerability
LimeSurvey (PHPSurveyor) is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A security vulnerability exists in LimeSurvey prior to version 6.5.0+240319, which stems from a cross-site scripting...
CVE-2024-28710
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...
CVE-2024-28710
LimeSurvey is affected by a Cross-Site Scripting (XSS) vulnerability in the Alert Widget’s message component, due to insufficient input validation and output encoding in versions prior to 6.5.0+240319. The issue enables a remote attacker to execute arbitrary code through crafted input. Remediatio...
CVE-2024-47845
CVE-2024-47845 concerns an issue in the MediaWiki CSS Extension where improper encoding/escaping of output enables code injection. Affected range: MediaWiki CSS Extension versions 1.39.x prior to 1.39.9, 1.41.x prior to 1.41.3, and 1.42.x prior to 1.42.2. Root cause is improper output handling in...
MediaWiki security vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from improperly encoded or escaped...
CVE-2024-7873
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE-83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS)...
A vulnerability in the modules/proxy/mod_proxy.c component of the Apache HTTP Server, related to a lack of mechanisms for encoding or escaping output data, allows attackers to gain access to confidential data and to trigger a denial-of-service attack.
A vulnerability in the modules/proxy/mod_proxy.c component of the Apache HTTP Server is related to a lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
GHSA-C392-WHPC-VFPR Apache Airflow vulnerable to Improper Encoding or Escaping of Output
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
A vulnerability in the mod_rewrite function in the Apache HTTP Server allows attackers to execute arbitrary code.
A vulnerability in the mod_rewrite function in the Apache HTTP Server is related to a lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2024-10151 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.4.5; GitLab CE/EE versions 17.5 through 17.5.3; GitLab CE/EE versions 17.6 through 17.6.1. Description: The issue is related to improper output encoding, which could lead to XSS if CSP is not enabled. This...
Glassdoor: Reflected █████████████████ Vulnerability in Glassdoor Blog Search
A reflected cross-site scripting vulnerability was discovered in the Glassdoor blog search functionality. The vulnerability was remediated by strengthening input validation and output encoding...