📄 SilverStripe 5.3.8 Cross Site Scripting

SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...

PT-2025-18469

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the openvswitch component. The issue concerns the validation of nested key length in the set action, where it is no...

SUSE CVE-2013-1086

Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...

K000150804: Multiple Wireshark/tshark vulnerabilities

Security Advisory Description CVE-2020-26575 In Wireshark through 3.2.7, the Facebook Zero Protocol aka FBZERO dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVE-2018-14339 In Wireshark 2.6.0 to...

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

estree-util-value-to-estree 安全漏洞

estree-util-value-to-estree is a tool for converting JavaScript values to estree expressions by the individual developer Remco Haszing. A security vulnerability exists in estree-util-value-to-estree that stems from improper handling of the proto attribute, which could lead to prototype...

CVE-2025-3153

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has grant...

Incorrect Authorization

Overview api-platform/core is a builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Authorization via the Relay special node type. An attacker can access data or operations that should be restricted by bypassing the configure...

BIT-JOOMLA-2021-23124 [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has...

CVE-2025-3153

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has...

CVE-2025-3153

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has...

Cross-site Request Forgery (CSRF)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the formatWithoutCountry function, which does not sanitize the address attribute. A user with the ability to fill in an address attribute can modify...

CVE-2025-3153 Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute

Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified. Attackers are limited to individuals whom a site administrator has...

CVE-2025-3153

Concrete CMS versions affected:

PT-2025-14567 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 and earlier than 9.4.0RC2 Concrete CMS versions earlier than 8.5.20 Description: The issue concerns Concrete CMS's Address attribute, where addresses are not properly sanitized in the output when a country is not...

Concrete CMS 安全漏洞

Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS versions prior to 9.4.0RC2, which stems from address attributes that are not properly cleaned up, and could lead to cross-site request forgery and...

SUSE CVE-2025-21915

In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driveroverrideshow Fixed a possible UAF problem in driveroverrideshow in drivers/cdx/cdx.c This function driveroverrideshow is part of DEVICEATTRRW, which includes both driveroverrideshow and...

AZL-59769 CVE-2025-21993 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this...

AZL-59892 CVE-2025-21993 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this...