
1460 matches found

ICS
added 2024/06/27 12:00 a.m. · 30 views

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely. Vendor: ICONICS, Mitsubishi Electric. Equipment: ICONICS Product Suite. Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper...

CVSS 7.8 · AI score 7.3 · EPSS 0.91789
Exploits 0 · References 9

Trellix
added 2024/06/27 12:00 a.m. · 33 views

The Bug Report - June 2024 Edition

The Bug Report - June 2024 Edition By Jonathan Omakun & Tobi Olawale · June 27, 2024 Why am I Here Welcome back to The Bug Report, the "so hot the server fans are sweating" edition! For those who are new to our monthly adventure, every month, our dedicated Advanced Research Center vulnerability...

CVSS 9.8 · AI score 9.4 · EPSS 0.94374
Exploits 75

NVD
added 2024/06/26 4:15 p.m. · 24 views

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

CVSS 5.4 · EPSS 0.00821
Exploits 0 · References 1

Positive Technologies
added 2024/06/07 12:00 a.m. · 3 views

PT-2024-7454 · Hewlett Packard · Hp Designjet

Name of the Vulnerable Software and Affected Versions: HP DesignJet products affected versions not specified Description: The issue is related to a credential reflection vulnerability in the SMTP Server Credential Handler component of HP DesignJet products' firmware. This vulnerability is...

CVSS 7.8 · AI score 7.5 · EPSS 0.00364
Exploits 0 · References 8

Friends Of PHP
added 2024/06/04 4:23 p.m. · 43 views

Unsafe Reflection in base Component class

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the `__set` magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using `Yii::createObject($value)`. However, ther...

CVSS 9.1 · AI score 8.9 · EPSS 0.002
Exploits 1 · Affected Software 1

Snyk
added 2024/06/02 10:32 p.m. · 2 views

Cross-site Scripting

Overview Affected versions of this package are vulnerable to Cross-site Scripting through the dynamic setting of form legends in administrative interfaces. An attacker can execute arbitrary scripts in the context of the administrator's session by injecting malicious content into form fields that...

CVSS 9.3 · AI score 5.7 · EPSS 0.0023
Exploits 0 · References 2

OSV
added 2024/06/02 10:30 p.m. · 44 views

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the `__set` magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using `Yii::createObject($value)`. However, ther...

CVSS 8.1 · AI score 8.3 · EPSS 0.002
Exploits 1 · References 9

Github Security Blog
added 2024/06/02 10:30 p.m. · 38 views

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the `__set` magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using `Yii::createObject($value)`. However, ther...

CVSS 9.1 · AI score 8.3 · EPSS 0.002
Exploits 1 · References 9 · Affected Software 1

OSV
added 2024/05/31 11:08 a.m. · 4 views

OESA-2024-1667 infinispan security update

Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00882
Exploits 0 · References 2

OSV
added 2024/05/27 11:21 p.m. · 6 views

GHSA-VH7Q-J8P5-2H4H silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions...

CVSS 3.5 · AI score 7.3
Exploits 0 · References 5

Positive Technologies
added 2024/05/27 12:00 a.m. · 2 views

PT-2024-40479 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns a form that may populate a PasswordField with submitted data, reflecting it back to the user. This behavior is not considered best practice, as it may expose the user's own...

CVSS 3.5 · AI score 7.1
Exploits 0 · References 6

Gentoo Linux
added 2024/05/08 12:00 a.m. · 35 views

Commons-BeanUtils: Improper Access Restriction

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details...

CVSS 7.5 · AI score 7.3 · EPSS 0.01215
Exploits 1

Debian CVE
added 2024/04/26 9:02 p.m. · 21 views

CVE-2024-32887

Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it t...

CVSS 5.5 · AI score 5.3 · EPSS 0.00365
Exploits 0

Jake Archibald's Blog
added 2024/04/24 1:00 a.m. · 9 views

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: … `const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hell`...

AI score 6.5
Exploits 0

Jake Archibald's Blog
added 2024/04/24 1:00 a.m. · 17 views

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: … `const div = document.querySelector('div[foo=bar]'); console.log(div.getAttribute('foo')); // 'bar' console.log(div.foo); // undefined div.foo = 'hell`...

AI score 6.5
Exploits 0

OSV
added 2024/04/18 10:15 a.m. · 0 views

CVE-2024-32567

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS. This issue affects DirectoryPress: from n/a through 3.6.7...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2024/04/08 12:00 a.m. · 3 views

PT-2024-23260 · Sap Se · Sap Business Connector

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a high privilege attacker to load an exploitable payload onto the Resource Settings page, which is then stored and reflected whenever a...

CVSS 4.8 · AI score 6.7 · EPSS 0.00148
Exploits 0 · References 4

Positive Technologies
added 2024/03/29 12:00 a.m. · 6 views

PT-2024-23373 · Ghozylab · Web Icons

Name of the Vulnerable Software and Affected Versions: GhozyLab, Inc. Web Icons versions n/a through 1.0.0.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

CVSS 6.5 · AI score 9.1 · EPSS 0.00197
Exploits 0 · References 5

OSV
added 2024/03/20 5:15 a.m. · 0 views

CVE-2024-1983

The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users...

CVSS 7.1 · AI score 5.8
Exploits 0 · References 1

GithubExploit
added 2024/03/18 3:19 a.m. · 264 views

Exploit for Unsafe Reflection in Github Enterprise_Server

Intro This repository contains exploits we have developed for...

CVSS 9.8 · AI score 8.9 · EPSS 0.72876
Exploits 1