63 matches found
CVE-2022-41574
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...
Oci Distribution-Spec 代码问题漏洞
Oci Distribution-Spec is an Oci distribution specification. A code issue vulnerability exists in Oci Distribution-Spec that stems from the product's use of the Content-Type header to determine the document type, among other actions. An attacker could use this vulnerability to cause text content t...
Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...
GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2021-013)
TYPO3 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
Cross site scripting
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768 Cross-Site Scripting via Rich-Text Content
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-013...
Cross-Site Scripting via Rich-Text Content
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...
Cross site scripting
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit...
Commands and Tools for Embedded Reverse Engineering
We’ve been training a lot of people to look at embedded systems. The training is intensive, and it can be hard to remember all the commands and tools used. This is just a quick rundown of those tools with enough information to jog your memory! Basic Commands If we want to see the content of a fil...
Updated fribidi packages fix security vulnerability
Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...
Buffer overflow
A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...
CVE-2018-17938
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...
Authentication flaw
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...
CVE-2018-17938
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...
CVE-2018-17938
CVE-2018-17938 affects Zimbra Collaboration Server prior to 8.8.10 GA, where a loginErrorCode value can cause text content spoofing. The vulnerability is tied to the login error handling logic, enabling spoofed content in responses. The affected component is Zimbra Collaboration (server) before t...
CVE-2018-17938
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...