Debian DSA-5141-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5141 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1731-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1731-1 advisory. - Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin,...

CVE-2022-22777

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting XSS vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the...

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides a secure access management system for wireless networks. cross-site scripting is present in Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier. vulnerability. An...

PT-2022-15664 · Tibco · Tibco Jasperreports Server +5

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.1 and below TIBCO JasperReports Server - Community Edition versions 8.0.1 and below TIBCO JasperReports Server - Developer Edition versions 8.0.0 and below TIBCO JasperReports Server for AWS Marketplace...

Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

This blog post was authored by Hossein Jazi and Jérôme Segura Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding on a daily basis, people are hungry for information. Although all countries have reasons to be...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the managefiltereditpage.php. An attacker can inject arbitrary code by crafting a malicious project name. This is only exploitable if the attacker has access rights...

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

GHSA-372Q-33VH-8MPC Inconsistent documentation in Apache Tomcat

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

Jenkins Groovy Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5411-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5411-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through

There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...

python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through

There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...

python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through

There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...

CVE-2022-27308

A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...

Debian DSA-5129-1 : firefox-esr - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5129 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

UBUNTU-CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...