6714 matches found

Tenable Nessus
added 2023/11/06 12:0 a.m. | 20 views

Rocky Linux 9 : libreoffice (RLSA-2023:0304)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0304 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.04354
Exploits: 0 | References: 9

Positive Technologies
added 2023/11/05 12:0 a.m. | 4 views

PT-2023-9189 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.11; Redmine versions 5.0.x prior to 5.0.6. Description: The issue is related to a lack of protection for the web page structure in the Thumbnails component of the Redmine web application, allowing for cross-site...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00397
Exploits: 0 | References: 24

OSV
added 2023/11/03 7:15 a.m. | 2 views

CVE-2023-41357

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal; it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00645
Exploits: 0 | References: 1

BDU FSTEC
added 2023/11/03 12:0 a.m. | 4 views

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service allows an attacker to perform XSS attacks.

The vulnerability of the Invoice Edit Page of the Bitrix24 business management service relates to the failure to take measures to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS: 9 | AI score: 7.6 | EPSS: 0.00715
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/11/02 2:15 p.m. | 2 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00331
Exploits: 0 | References: 2

NVD
added 2023/11/02 2:15 p.m. | 31 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00331
Exploits: 0 | References: 2

Cvelist
added 2023/11/02 1:32 p.m. | 22 views

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVSS: 10 | AI score: 9.9 | EPSS: 0.00849
Exploits: 0 | References: 2

Vulnrichment
added 2023/11/02 1:32 p.m. | 20 views

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVSS: 10 | AI score: 7.3 | EPSS: 0.00849
Exploits: 0 | References: 2

Vulnrichment
added 2023/11/02 1:1 p.m. | 14 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00331
Exploits: 0 | References: 2

Positive Technologies
added 2023/11/02 12:0 a.m. | 4 views

PT-2023-22107 · Document Foundation · Libreoffice

Name of the Vulnerable Software and Affected Versions: LibreOffice versions prior to 7.4.5. Description: Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00331
Exploits: 0 | References: 6

OSV
added 2023/11/01 5:15 p.m. | 2 views

CVE-2023-20206

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00405
Exploits: 0 | References: 1

OSV
added 2023/11/01 5:15 p.m. | 3 views

CVE-2023-20005

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS: 6.1 | AI score: 6
Exploits: 0 | References: 1

Prion
added 2023/11/01 5:15 p.m. | 18 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due...

CVSS: 5.8 | AI score: 6 | EPSS: 0.00405
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/11/01 12:0 a.m. | 2 views

Bitrix24 Security Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). A security vulnerability exists in Bitrix24 version 22.0.300, which originates from a security hole in the...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.04973
Exploits: 1 | References: 2

Positive Technologies
added 2023/10/27 12:0 a.m. | 3 views

PT-2023-7126 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software. These...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00391
Exploits: 0 | References: 8

OSV
added 2023/10/25 9:9 p.m. | 24 views

GHSA-GR82-8FJ2-GGC3 XWiki Platform XSS vulnerability from account in the create page form via template provider

Impact: An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation, which can be triggered by sending the user to a URL...

CVSS: 9 | AI score: 9.3 | EPSS: 0.01834
Exploits: 1 | References: 5

Cvelist
added 2023/10/25 7:29 p.m. | 24 views

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

CVSS: 9 | AI score: 9.6 | EPSS: 0.01741
Exploits: 1 | References: 3

Vulnrichment
added 2023/10/25 7:29 p.m. | 13 views

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

CVSS: 9 | AI score: 8 | EPSS: 0.01741
Exploits: 1 | References: 3

NVD
added 2023/10/25 6:17 p.m. | 15 views

CVE-2023-37909

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...

CVSS: 9.9 | AI score: 9.8 | EPSS: 0.01621
Exploits: 1 | References: 3

CVE
added 2023/10/25 5:9 p.m. | 53 views

CVE-2023-37909

CVE-2023-37909 affects XWiki Platform: versions 5.1-rc-1 up to but not including 14.10.8 and 15.3-rc-1 allow any user who can edit their own profile to execute arbitrary script macros (Groovy/Python), enabling remote code execution with full read/write access to wiki content. Root cause is improp...

CVSS: 9.9 | AI score: 9.6 | EPSS: 0.01621
Exploits: 1 | References: 3 | Affected Software: 1