Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...

Unfixed XSS vulnerability at 100-downloads.com

Security researcher www.r3t.n3t.nl, has submitted on 18/09/2007 a cross-site-scripting XSS vulnerability affecting 100-downloads.com, which at the time of submission ranked 154499 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It i...

Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question FAQ management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script a...