CVE-2022-46907
CVE-2022-46907 describes a cross-site scripting (XSS) vulnerability in Apache JSPWiki plugins. The issue stems from crafted requests that can trigger XSS in several JSPWiki plugins, allowing an attacker to execute JavaScript in a victim’s browser and access sensitive information. Affected softwar...
CVE-2022-46907 Apache JSPWiki: XSS Injection points in several plugins
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...
Apache Tomcat 8.5.85 < 8.5.88 DoS
The version of Tomcat installed on the remote host is prior to 8.5.88. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.88_security-8 advisory. The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to...
e107 v2.3.2 - Reflected XSS Vulnerability
Exploit Title: e107 v2.3.2 - Reflected XSS Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.2 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64 OpenSSL/1.1.1l PHP/7.4.23 XSS Reflect...
GHSA-H79M-5CM2-278C User data exposure in Apache InLong
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
Design/Logic Flaw
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick...
Default configuration
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
CVE-2023-31453 Apache InLong: IDOR make users can delete others' subscription
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...
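The InLong entry above is a textbook IDOR: a delete handler takes the subscription id from the request and never compares the authenticated caller with the record's owner. The following Python is an added illustration of the vulnerable pattern beside its hardened form; it is not InLong's code, and the `SubscriptionStore` class, the sample subscriptions and the caller names are constructed for the example.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """The subscription id does not exist."""


class Forbidden(Exception):
    """The caller is authenticated but does not own the resource."""


@dataclass
class Subscription:
    sub_id: int
    owner: str
    topic: str


class SubscriptionStore:
    """In-memory stand-in for a subscription table (hypothetical)."""

    def __init__(self, subscriptions):
        self._subs = {s.sub_id: s for s in subscriptions}

    def exists(self, sub_id):
        return sub_id in self._subs

    def delete_unchecked(self, caller, sub_id):
        """IDOR-prone handler: sub_id comes straight from the request and the
        authenticated caller is never compared with the record's owner."""
        if sub_id not in self._subs:
            raise NotFound(sub_id)
        del self._subs[sub_id]

    def delete_checked(self, caller, sub_id):
        """Hardened handler: load the object, verify ownership, then mutate."""
        sub = self._subs.get(sub_id)
        if sub is None:
            raise NotFound(sub_id)
        if sub.owner != caller:
            # In production you may want to raise NotFound here as well so the
            # response does not confirm that the id exists.
            raise Forbidden(f"{caller} does not own subscription {sub_id}")
        del self._subs[sub_id]


def seed_store():
    """Constructed sample data for the example."""
    return SubscriptionStore([
        Subscription(1, "alice", "orders"),
        Subscription(2, "bob", "payments"),
    ])


def demo():
    """Return (alice_sub_deleted_by_bob_unchecked, alice_sub_kept_by_checked)."""
    store = seed_store()
    store.delete_unchecked(caller="bob", sub_id=1)   # bob removes alice's subscription
    deleted = not store.exists(1)

    store = seed_store()
    try:
        store.delete_checked(caller="bob", sub_id=1)
        kept = False
    except Forbidden:
        kept = store.exists(1)
    return deleted, kept


if __name__ == "__main__":
    deleted, kept = demo()
    print(f"unchecked handler let bob delete alice's subscription: {deleted}")
    print(f"checked handler refused and kept the record: {kept}")
```

The fix is not the `Forbidden` exception but the order of operations: fetch the object, compare its owner with the caller derived from the session, and only then delete. Any endpoint that accepts an object id should have the same shape.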
PT-2023-23129 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.6.0 Description: The issue is related to insufficient session expiration, allowing an old session to be used by an attacker even after the user has been deleted or the password has been changed...
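The insufficient-session-expiration entry above describes a session table that only checks whether a token exists, so a session keeps working after the user is deleted or the password is changed. The following Python is an added illustration of that lookup beside a revocation-aware one; it is not InLong's code, and the `SessionStore` class, the integer timestamps and the user names are constructed for the example.

```python
import secrets


class SessionStore:
    """Server-side session table with revocation on password change and
    account deletion (hypothetical). Timestamps are integers supplied by the
    caller so the example is deterministic."""

    def __init__(self):
        self._sessions = {}        # token -> (username, issued_at)
        self._revoke_before = {}   # username -> sessions issued at or before this are dead
        self._deleted = set()      # usernames whose accounts were removed

    def login(self, username, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, now)
        return token

    def change_password(self, username, now):
        # Every session issued up to this moment is invalidated; the user
        # simply logs in again with the new password.
        self._revoke_before[username] = now

    def delete_user(self, username):
        self._deleted.add(username)

    def resolve_vulnerable(self, token):
        """Only checks that the token exists: a stolen or stale session keeps
        working after the password changes or the account is removed."""
        entry = self._sessions.get(token)
        return entry[0] if entry else None

    def resolve(self, token):
        """Hardened lookup: reject tokens whose owner was deleted or whose
        issue time does not postdate the last password change."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, issued_at = entry
        revoked = issued_at <= self._revoke_before.get(username, -1)
        if username in self._deleted or revoked:
            self._sessions.pop(token, None)   # purge rather than leave it resolvable
            return None
        return username


def demo():
    """Return (vulnerable_after_pw_change, hardened_after_pw_change,
               vulnerable_after_delete, hardened_after_delete)."""
    store = SessionStore()
    t1 = store.login("alice", now=100)
    store.change_password("alice", now=105)
    v1, h1 = store.resolve_vulnerable(t1), store.resolve(t1)

    t2 = store.login("bob", now=200)
    store.delete_user("bob")
    v2, h2 = store.resolve_vulnerable(t2), store.resolve(t2)
    return v1, h1, v2, h2


if __name__ == "__main__":
    print(demo())
```

Keying revocation on a per-user "not before" timestamp rather than deleting individual tokens means the check also works for sessions stored client-side (signed cookies, JWTs) as long as they carry an issue time.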
Updated apache-mod_security packages fix security vulnerability
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279). Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...
ChurchCRM 4.5.4 Cross Site Scripting Vulnerability
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE: CVE-2023-31699 Step...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Debian DSA-5405-1 : libapache2-mod-auth-openidc - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5405 advisory. It was discovered that missing input sanitising in the implementation of the OIDCStripCookie option in mod_auth_openidc could result in denial of service. For the stable...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a vulnerability in Apache commons-dbcp
Summary A vulnerability in Apache commons-dbcp used by InfoSphere Information Server was addressed. Vulnerability Details IBM X-Force ID: 217222 DESCRIPTION: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an...
Apache OpenMeetings Code Execution Vulnerability
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. A code execution vulnerability exists in Apache OpenMeetings versions 2.0.0...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454); php: standard insecure cookie could b...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1932)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2023-1932)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location...
Apache OpenMeetings 3.1.3 < 7.1.0 Authentication Bypass Vulnerability
Apache OpenMeetings is prone to an authentication bypass vulnerability.
Apache OpenMeetings Improper Authentication vulnerability
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...