6655 matches found
SAP customers are urged to patch critical vulnerabilities in multiple products
German enterprise software maker SAP has patched three critical vulnerabilities affecting Internet Communication Manager (ICM), a core component of SAP business applications. Customers are urged by both SAP and CISA to address these critical vulnerabilities as soon as possible. On February 8, SAP...
GHSA-GX6H-936C-VRRR Cross site scripting in registration template in xwiki-platform
Impact We found a possible XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions: - the wiki must be open to registration for anyone - the wiki must be closed to view for Guest users more specifically the...
Cross site scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross-site scripting (XSS) vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...
Missing authorization in xwiki-platform
Impact Any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. Patches It has been patched in XWiki 13.2CR1 and 12.10.6 Workarounds There is no workaround beside patching. References https://jira.xwiki.org/browse/XWIKI-18430 For mo...
CVE-2022-23622 Cross site scripting in registration template in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross-site scripting (XSS) vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...
okmelk.com Cross Site Scripting vulnerability OBB-2367296
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
alignyourspine.net Open Redirect vulnerability OBB-2365988
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-21999
Windows Print Spooler Elevation of Privilege Vulnerability Recent assessments: space-r7 at March 11, 2022 9:07pm UTC reported: This is a useful vulnerability; however, an existing session on the target is required, and escalation of privileges can sometimes depend on luck. To achieve the director...
youmustseethisvideo.com Cross Site Scripting vulnerability OBB-2365879
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
streetsoftoronto.com Cross Site Scripting vulnerability OBB-2365357
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vw-online.eu Cross Site Scripting vulnerability OBB-2363860
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vdweerdautoverhuur.nl Cross Site Scripting vulnerability OBB-2362822
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
copywriting-tip.com Cross Site Scripting vulnerability OBB-2360788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
3k.com.tr Cross Site Scripting vulnerability OBB-2360050
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
jaycar.com.au Cross Site Scripting vulnerability OBB-2360040
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
us.dremel.com Open Redirect vulnerability OBB-2359409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Updated rust packages fix security vulnerability
This update provides Rust 1.57.0 as a feature and bugfix update. See the release notes for details. The 'std::fs::remove_dir_all' standard library function was vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program int...
path-work.info Cross Site Scripting vulnerability OBB-2356003
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
A critical severity vulnerability in the Samba platform could allow attackers to gain remote code execution with root privileges on servers. Samba is an interoperability suite that allows Windows and Linux/Unix-based hosts to work together and share file and print services with multi-platform...
blog.nielskunze.com Cross Site Scripting vulnerability OBB-2354841
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...