3354 matches found
GHSA-9CG4-4F87-JHM3 Moodle XSS in attachments to evidence of prior learning
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...
Moodle XSS in attachments to evidence of prior learning
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via move_attachments_page.php. An attacker can inject arbitrary web script or HTML by manipulating the 'type' parameter. This is only exploitable if Content Security...
GHSA-X53V-V9XP-GF6G MantisBT XSS via move_attachments_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
MantisBT XSS via move_attachments_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
GHSA-Q5FG-V5P7-R424 Croogo vulnerable to Cross-site Scripting in title field
A stored self-XSS exists in Croogo before v3.0.7, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
Croogo vulnerable to Cross-site Scripting in title field
A stored self-XSS exists in Croogo before v3.0.7, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
“Chemical attack” email warnings deliver Jester Stealer malware
Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team (CERT-UA) has warned of a large distribution campaign abusing a "chemical attack" theme. Receiving an email like this in the invasion-affected regions of...
[SECURITY] Fedora 36 Update: containerd-1.6.2-2.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 36 Update: containerd-1.6.2-1.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
FreeBSD : gogs -- XSS in issue attachments (647ac600-cc70-11ec-9cfc-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 647ac600-cc70-11ec-9cfc-10c37b4ac2ea advisory. - The gogs project reports: Repository issues page allows HTML attachments with arbitrary JS code...
[SECURITY] Fedora 34 Update: containerd-1.6.2-3.fc34
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 35 Update: containerd-1.6.2-2.fc35
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
CVE-2022-21467
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Attachments. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
CVE-2022-21477
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments, File Upload. Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Attachments. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...