CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...

CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions1. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...

new packages: device-mapper-persistent-data

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...

Malicious code in sameethinghere101 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69e7a5e4c08ca379961c0f3d1a2dda0bebf47d65f153e2956e890451cb54fbd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

GHSA-63CJ-3R94-234V Persistent XSS vulnerability in Jenkins DRY Plugin

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

Persistent XSS vulnerability in Jenkins DRY Plugin

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

Shopware XSS Vulnerability

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

GHSA-QF3F-7X69-QFV3 phpMyAdmin DoS Vulnerability

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

The Reporting Addon for CUBA Platform has Persistent XSS

The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...

GHSA-RFF7-964G-PPPX The Reporting Addon for CUBA Platform has Persistent XSS

The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...

Yab Quarx persistent cross-site scripting vulnerability

Yab Quarx before 2.4.5 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...

Red Hat Wildfly DoS

Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers...

GHSA-P4XG-CPR9-VWVJ Red Hat Wildfly DoS

Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers...

Openstack Manila Persistent XSS in Metadata field

Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

GHSA-6RH5-23HX-J452 Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...