AbanteCart Cross-Site Scripting Vulnerability
AbanteCart is a PHP-based e-commerce platform. AbanteCart is vulnerable to a cross-site scripting vulnerability prior to 1.3.2, which stems from a lack of data validation filtering of user-supplied data and output. An attacker with file upload privileges could exploit this vulnerability to upload...
ALPINE-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818 HTML Cleaner allows crafted and SVG embedded scripts to pass through
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
PT-2021-6092 · Lxml +10
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.5 Description: The HTML Cleaner in lxml.html allows certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. This can be exploited by a remote attacker to...
Basket can be fully drained if the auction is settled within a specific block
Handle Ruhum Vulnerability details Impact The settleAuction function allows someone to settle the auction by transferring funds in a way that the new pending index is fulfilled. As a reward, they are able to take out as many tokens as they want as long as the pending index is fulfilled after that...
Reprise Software Reprise License Manager Security Feature Issue Vulnerability
Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. Reprise Software Reprise License...
Reprise Software Reprise License Manager Access Control Error Vulnerability
Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. Reprise Software Reprise License Manager A licensing...
Bentley Systems Bentley View Resource Management Error Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...
A vulnerability in Adobe Audition for Windows and macOS, related to operations beyond buffer boundaries in memory, allows an attacker to trigger a system failure.
The vulnerability of Adobe Audition’s audio editing software for Windows and macOS is related to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to information leakage, which could be exploited by attackers to obtain sensitive information and use it to launch further attacks on the affected system...
[SECURITY] Fedora 34 Update: synfigstudio-1.4.0-3.fc34
Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software package, designed from the ground up for producing feature-film quality animation with fewer people and resources. It eliminates the need...
[SECURITY] Fedora 34 Update: autotrace-0.31.1-62.fc34
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...
Fedora: Security Advisory for autotrace (FEDORA-2021-b58af96f33)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PYSEC-2021-841
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the maliciou...
Ckan Cross-Site Scripting Vulnerability
Ckan is an open source DMS (data management system) used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions 2.9.0 through 2.9.3, which allows an attacker to upload an SVG file as a user's avatar...
showdoc Cross-Site Request Forgery Vulnerability
showdoc is an open source tool ideal for IT teams to share documents online. showDoc has a security vulnerability that can be exploited by attackers to perform cross-site request forgery (CSRF) attacks...
elecom lan Operating System Command Injection Vulnerability
elecom lan routers are routers from Elecom Japan. An operating system command injection vulnerability exists in elecom lan routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
elecom lan Cross-Site Scripting Vulnerability
elecom lan routers are routers from Elecom Japan. A cross-site scripting vulnerability exists in elecom lan routers, which can be exploited by an attacker to inject arbitrary script via an unspecified vector...
elecom lan Buffer Error Vulnerability
elecom lan routers are routers from Elecom Japan. A buffer overflow vulnerability exists in elecom lan routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
Code injection
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...