868 matches found
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
GHSA-H8CM-3V5F-RGP6 XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Impact: Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value), it can still be set from JavaScript using the browser developer tools or b...
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Impact: Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value), it can still be set from JavaScript using the browser developer tools or b...
PHPJabbers Callback Widget Cross-Site Scripting Vulnerability
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A cross-site scripting vulnerability exists in PHPJabbers Callback Widget version v1.0, which stems from cross-site scripting (XSS) in the value-enum-obfincludetimezone parameter of ndex.php...
java-11-openjdk bug fix update
An update is available for java-11-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Bug Fixes: The recent OpenJDK 11.0.20 security update accidentally...
CLSA-2023-1689009659 Update of alt-php
Backport the package from Ubuntu 18.04: New upstream version 2023c: - Egypt now uses DST again, from April through October. - This year Morocco springs forward April 23, not April 30. - Palestine delays the start of DST this year. - Much of Greenland still uses DST from 2024 on. The contents of...
CLSA-2023-1688679460 Update of tzdata
Upgrade to tzdata-2023c (code and data are identical to 2023a): - Egypt now uses DST again, from April through October. - This year Morocco springs forward April 23, not April 30. - Palestine delays the start of DST this year. - Much of Greenland still uses DST from 2024 on. - America/Yellowknife...
CVE-2023-36622
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...
Design/Logic Flaw
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...
Loxone Miniserver Operating System Command Injection Vulnerability
Loxone Miniserver is a server from Loxone, Inc. that automates equipment in buildings, houses, and homes to provide energy management, monitoring, and other functions. A security vulnerability exists in Loxone Miniserver Go Gen.2 versions prior to 14.1.5.9, which stems from a websocket...
VulnCheck KEV: CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
CVE-2023-33669
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub44db3c function...
Stack overflow
Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub44db3c function...
Tenda AC8 Buffer Error Vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AC8 timeZone parameter, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause a denial of service...