Lucene search

6727 matches found

OSV
added 2022/01/24 10:48 a.m. · 5 views

SUSE-SU-2022:0161-1 Security update for zsh

This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled (bsc#1107296, bsc#1107294). - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring o...

9.8 CVSS · 9.3 AI score · 0.02723 EPSS
Exploits 0 · References 5
CNNVD
added 2022/01/19 12:0 a.m. · 4 views

Cisco Webex Meetings cross-site scripting vulnerability

Cisco Webex Meetings is a video conferencing solution from Cisco. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a vulnerability in the web-based interface of Cisco Webex Meetings that could allow an unauthenticated, remote attacker to conduct a cross-site...

6.1 CVSS · 5.8 AI score · 0.00572 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/01/19 12:0 a.m. · 4 views

PT-2022-2311 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified). Description: The issue exists due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this by persuading a user t...

6.4 CVSS · 7 AI score · 0.00572 EPSS
Exploits 0 · References 6
OSV
added 2022/01/14 8:15 p.m. · 2 views

CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...

8.1 CVSS · 7.4 AI score
Exploits 0 · References 2
ATTACKERKB
added 2022/01/14 8:15 p.m. · 8 views

CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified...

8.1 CVSS · 7.3 AI score · 0.00849 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/01/14 5:15 a.m. · 3 views

CVE-2022-20647

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1 CVSS · 6.6 AI score · 0.00759 EPSS
Exploits 0 · References 1
OSV
added 2022/01/14 5:15 a.m. · 3 views

CVE-2022-20636

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1 CVSS · 6 AI score · 0.00759 EPSS
Exploits 0 · References 1
CNNVD
added 2022/01/14 12:0 a.m. · 4 views

Cisco Security Manager cross-site scripting vulnerability

Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, whic...

6.1 CVSS · 5.8 AI score · 0.00759 EPSS
Exploits 0 · References 3
CNNVD
added 2022/01/14 12:0 a.m. · 6 views

Cisco Security Manager cross-site scripting vulnerability

Cisco Security Manager (CSM) is a set of enterprise-class management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which stem...

6.1 CVSS · 5.8 AI score · 0.00759 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/01/13 12:0 a.m. · 3 views

CVE-2022-20639

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

6.1 CVSS · 6.6 AI score · 0.00759 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/01/12 12:0 a.m. · 4 views

PT-2022-1428 · Cisco · Cisco Ece

Name of the Vulnerable Software and Affected Versions: Cisco ECE (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...

6.4 CVSS · 6.3 AI score · 0.00511 EPSS
Exploits 0 · References 10
CNNVD
added 2022/01/12 12:0 a.m. · 5 views

Cisco Enterprise Chat and Email security vulnerability

Cisco Enterprise Chat and Email (CEC) is a suite of enterprise chat and email solutions from Cisco. The product provides email, chat, and Web callback capabilities for other Cisco solutions. A security vulnerability exists in Cisco Enterprise Chat and Email that stems from the web-based management...

6.1 CVSS · 6 AI score · 0.00511 EPSS
Exploits 0 · References 4
Mozilla
added 2022/01/11 12:0 a.m. · 476 views

Security Vulnerabilities fixed in Firefox 96 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

10 CVSS · 9.3 AI score · 0.0134 EPSS
Exploits 4 · References 19 · Affected Software 1
Prion
added 2022/01/06 9:15 p.m. · 14 views

Input validation

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

4.3 CVSS · 6.2 AI score · 0.00852 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/01/06 8:4 p.m. · 18 views

CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

6.3 AI score · 0.00852 EPSS
Exploits 0 · References 1
NVD
added 2022/01/04 9:15 p.m. · 22 views

CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

7.6 CVSS · 0.00831 EPSS
Exploits 1 · References 4
Huntr
added 2021/12/31 5:42 a.m. · 4 views

Cross-site Scripting (XSS) - Stored in erudika/scoold

Description: Scoold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...

6.4 AI score
Exploits 0
CNNVD
added 2021/12/10 12:0 a.m. · 5 views

Privoxy cross-site scripting vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

6.1 CVSS · 6.4 AI score · 0.00792 EPSS
Exploits 0 · References 7
OSV
added 2021/12/08 10:15 p.m. · 2 views

DEBIAN-CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

10 CVSS · 8.4 AI score · 0.0383 EPSS
Exploits 0 · References 1
OSV
added 2021/12/08 3:15 p.m. · 1 views

CVE-2021-25520

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script codes in Samsung Internet...

6.1 CVSS · 6.4 AI score · 0.00412 EPSS
Exploits 0 · References 1