Cross-site Scripting in Filter Stream Converter Application in XWiki Platform

Impact We found a possible XSS vector in the Filter.FilterStreamDescriptorForm wiki page related to pretty much all the form fields printed in the home page of the application. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to...

CVE-2022-1589 Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector...

Microsoft Windows Support Diagnostic Tool 操作系统命令注入漏洞

Microsoft Support Diagnostic Tool MSDT, Microsoft Support Diagnostic Tool is a utility program used to troubleshoot and collect diagnostic data for professionals to analyze and solve problems.Microsoft Office is a popular office software developed by Microsoft Corporation. Microsoft Support...

Phabricator: Deprecated owners.query API bypasses object view policy

The deprecated owners.query API does not check object view policy. A user is able to view some information about an owner package which they do not have permission to see by calling this API. Since the API is deprecated, it could just be removed. Impact An attacker is able to view some informatio...

BathPair.sol#rebalancePair() can be front run to steal the pending rebalancing amount

Lines of code Vulnerability details function underlyingBalance public view returns uint256 uint256 pool = IERC20underlyingToken.balanceOfaddressthis; return pool.addoutstandingAmount; function removeFilledTradeAmountuint256 amt external onlyPair outstandingAmount = outstandingAmount.subamt; emit...

PT-2022-3953 · Document Foundation +8 · Libreoffice +8

Name of the Vulnerable Software and Affected Versions: LibreOffice versions prior to 7.2.7 LibreOffice versions prior to 7.3.1 Description: The issue is related to insufficiently strong encryption of data in the user configuration database of LibreOffice. This weakness can be exploited by a remot...

Jfinal CMS SQL注入漏洞

Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...

Cross-site Scripting in wiki manager join wiki page

Impact We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page WikiManager.JoinWiki with wiki editor and chan...

GHSA-PH5X-H23X-7Q5Q Cross-site Scripting in wiki manager join wiki page

Impact We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page WikiManager.JoinWiki with wiki editor and chan...

Cross-site Scripting in the Flamingo theme manager

Impact We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page FlamingoThemesCode.WebHomeShe...

GHSA-VMHH-XH3G-J992 Cross-site Scripting in the Flamingo theme manager

Impact We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page FlamingoThemesCode.WebHomeShe...

XSS in various backend modules due to (un)escaping in JS notification module

The notification module displaying flash messages unscapes HTML coming from the server, resulting in XSS vulnerabilities with various names and labels of entities eg. workspace title or media title. This however means you must be a logged in user with respective rights in the first place to...

Print Spooler Remote DLL Injection

The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running. Module Options msf use...

Pion DTLS Header reconstruction method can be thrown into an infinite loop

Impact An attacker can send packets that will send Pion DTLS into an infinite loop when processing. Patches Upgrade to Pion DTLS v2.1.4 Workarounds No workarounds available, upgrade to Pion DTLS v2.1.4 References Thank you to Juho Nurminen and the Mattermost team for discovering and reporting thi...

GHSA-68P4-PJPF-XWCQ insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

Magento 2 Community Edition Cryptographic Flaw

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

Gitea XSS Vulnerability

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

Gitea XSS Vulnerability in Repository Description

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...