38 matches found
CVE-2023-37908
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
CVE-2023-29201
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped <script> and <style> tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like <iframe>. ...
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped <script> and <style> tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like <iframe>. ...
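The two XWiki entries above describe the same failure mode: a cleaner that neutralises a couple of tag names but leaves event-handler attributes, URL schemes and unlisted elements alone. The script below is an added example, not XWiki's own HTML cleaner: a blocklist cleaner of the kind the advisory describes, beside an allow-list cleaner that parses the fragment and rebuilds it from a fixed set of elements and attributes. The allow-list itself, the helper names and the sample inputs are assumptions chosen for the demo.

```php
<?php
// Added example, not XWiki code: blocklist cleaning (only <script> and
// <style> neutralised) beside allow-list cleaning over a parsed DOM.
declare(strict_types=1);

// Blocklist: escape <script> and <style> tags and nothing else. Event
// handler attributes and <iframe> pass straight through.
function blocklist_clean(string $html): string
{
    return preg_replace_callback(
        '~</?(?:script|style)\b[^>]*>~i',
        fn(array $m): string => htmlspecialchars($m[0], ENT_QUOTES),
        $html
    );
}

// Allow-list (an assumption for this demo): element => permitted attributes.
const ALLOWED = [
    'p' => [], 'b' => [], 'i' => [], 'br' => [],
    'a' => ['href', 'title'],
    'img' => ['src', 'alt'],
];

// URL attributes may only use http(s) or be relative. Control characters and
// whitespace are stripped first because browsers ignore them inside the
// scheme ("java\tscript:" still runs), and the parser has already decoded
// entities such as &#9; into those characters.
function url_is_safe(string $value): bool
{
    $v = preg_replace('/[\x00-\x20\x7f]+/', '', $value);
    if (!preg_match('~^([a-z][a-z0-9+.-]*):~i', $v, $m)) {
        return true;   // no scheme: relative URL
    }
    return in_array(strtolower($m[1]), ['http', 'https'], true);
}

function scrub(DOMNode $parent): void
{
    // Snapshot first: removing a child mutates the live childNodes list.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (!array_key_exists($tag, ALLOWED)) {
                $parent->removeChild($child);   // unknown element: dropped with its subtree
                continue;
            }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, ALLOWED[$tag], true)
                     && (!in_array($name, ['href', 'src'], true) || url_is_safe($attr->value));
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
            scrub($child);
        } elseif (!($child instanceof DOMText)) {
            $parent->removeChild($child);   // comments, PIs, CDATA: never needed
        }
    }
}

function allowlist_clean(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // silence warnings about unknown tags
    // ASCII input assumed; non-ASCII input needs an explicit charset declaration.
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->documentElement;       // the wrapping <div>
    scrub($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for the demo, not captured payloads.
    $samples = [
        '<img src=x onerror=alert(1)>',
        '<iframe src="https://example.com/"></iframe>',
        '<a href="java&#09;script:alert(1)">x</a>',
        '<p onclick="alert(1)">hi<!-- c --></p>',
    ];
    foreach ($samples as $s) {
        echo "input:     $s\n";
        echo "blocklist: ", blocklist_clean($s), "\n";
        echo "allowlist: ", allowlist_clean($s), "\n\n";
    }
}
```

The point of the second cleaner is that everything not explicitly listed is removed, so a new dangerous element, attribute or scheme does not need to be known in advance. Re-serialising from the DOM rather than editing the source string also means malformed input (unclosed tags, odd attribute quoting, comments) is normalised by the parser before the allow-list is applied, instead of being passed through in a form the browser may interpret differently.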
ChurchInfo Code Issue Vulnerability
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 through 1.3.0. The vulnerability stems from the application'...
SiteBridge Joruri Gw Arbitrary File Upload Vulnerability
SiteBridge Joruri Gw is groupware from SiteBridge Japan. An arbitrary file upload vulnerability exists in SiteBridge Joruri Gw 3.2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...
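The three upload entries above (ChurchInfo, Joruri Gw, tianchoy/blog) share one root cause, and the tianchoy/blog one spells it out: the handler decides from the Content-Type the browser sends, which the attacker controls. The script below is an added example, not code from any of those projects: the header-only check beside a validator that ignores the header and decides from the extension allow-list, the bytes actually received, and a server-chosen destination name. Uploads are modelled as plain values so it runs from the CLI; the function names, the allow-lists and the sample inputs are assumptions for the demo.

```php
<?php
// Added example, not code from tianchoy/blog, ChurchInfo or Joruri Gw.
// In a real handler the three inputs come from $_FILES['f']['name'],
// the browser-supplied $_FILES['f']['type'], and the bytes in
// $_FILES['f']['tmp_name'].
declare(strict_types=1);

const IMAGE_MIME = ['image/jpeg', 'image/pjpeg', 'image/png', 'image/gif'];

// Vulnerable pattern: the only check is the client-chosen Content-Type, so
// "shell.php" sent as image/jpeg is accepted and stored under its own name.
function vulnerable_accept(string $clientName, string $clientType): ?string
{
    if (!in_array($clientType, IMAGE_MIME, true)) {
        return null;
    }
    return $clientName;   // stored name is the attacker's name, .php included
}

// Hardened pattern: the browser's Content-Type is never consulted.
// Returns the name to store under, or null to reject.
function hardened_accept(string $clientName, string $bytes): ?string
{
    // 1. Extension allow-list, each mapped to the MIME type it must contain
    //    (an assumption for the demo; extend as the application needs).
    $byExt = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
              'png' => 'image/png',  'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($byExt[$ext])) {
        return null;
    }
    // 2. Sniff the real type from the content (libmagic via ext/fileinfo)
    //    and require it to match what the extension promises.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($sniffed !== $byExt[$ext]) {
        return null;
    }
    // 3. Discard the client's name entirely: random name, fixed extension,
    //    so "../x.php" or "a.php.gif" never reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for the demo, not captured traffic.
    $webshell = "<?php system(\$_GET['c']); ?>";
    $tinyGif  = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";   // smallest well-formed GIF
    $cases = [
        ['shell.php', 'image/jpeg', $webshell],   // spoofed header, PHP body
        ['shell.gif', 'image/gif',  $webshell],   // allowed extension, PHP body
        ['cat.gif',   'image/gif',  $tinyGif],    // genuine image
    ];
    foreach ($cases as [$name, $type, $bytes]) {
        printf("%-10s vulnerable=%s hardened=%s\n", $name,
            vulnerable_accept($name, $type) ?? 'reject',
            hardened_accept($name, $bytes) ?? 'reject');
    }
}
```

Content sniffing is not a complete answer on its own: a well-formed image can still carry PHP in a comment segment, and libmagic will happily call it image/gif. The random name with a fixed image extension removes the obvious route to execution, and the remaining one is closed by configuration: store uploads outside the document root (or on a host that serves them as static files with no script handler), and set the response Content-Type from the server's own record rather than from the stored file.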
LinkedIn Private Bug Bounty Program Goes Public
Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve...
Unspecified PHP Code Execution Vulnerability in Bomgar Remote Support Portal Application
Bomgar Remote Support is a secure remote desktop solution. The Bomgar Remote Support Portal application fails to properly filter input, allowing remote attackers to submit special requests to execute arbitrary PHP code...
Yoast Google Analytics Stored Cross Site Scripting
OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
Gallery Server Pro File Upload Filter Bypass Vulnerability
Gallery Server Pro suffers from a file upload filter bypass vulnerability. Gallery Server Pro File Upload Filter Bypass. Vendor Link:...
Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110.
openSUSE 10 Security Update : squirrelmail (squirrelmail-6242)
Multiple vulnerabilities have been fixed in SquirrelMail: an XSS and an input sanitization bug (both CVE-2009-1578), a server-side code execution bug (CVE-2009-1579), a login session hijacking bug (CVE-2009-1580) and another bug that allowed phishing and XSS attacks (CVE-2009-1581).
PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...
PMachine Pro 2.4 - Remote File Inclusion
source: https://www.securityfocus.com/bid/12597/info PMachine Pro is reported prone to a remote file include vulnerability. This issue affects the 'mailautocheck.php' script. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileg...
Mambo Open Source Multiple Input Validation Vulnerabilities
Description Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute arbitrary server-side script code on an...