2123 matches found
CVE-2021-45895
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
Cross site scripting
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
CVE-2021-45895
Netgen Tags Bundle vulnerability CVE-2021-45895 affects Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15, where the Tags Admin interface is susceptible to cross-site scripting (XSS). ROOT CAUSE: improper escaping in the Tags Admin UI leads to injected JavaScript execution. IMPACT: X...
Netgen Tags Bundle cross-site scripting vulnerability
Netgen Tags Bundle is an eZ platform package for category management and easier content categorization, providing more content tagging features than the field types included in the ezkeywordeZ distribution kernel. A security vulnerability exists in Netgen Tags Bundle, which stems from Netgen Tags...
GSD-2021-1002565 rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.7 by commit...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via a Gemfile that includes gem entries that use the git option with invalid values with a leading dash. The attacker has to craft a directory containing a Gemfile file that declares a dependency that is located...
PT-2021-23229 · Symfony · Symfony/Securitybundle
Name of the Vulnerable Software and Affected Versions: Symfony/SecurityBundle versions 5.3.0 through 5.3.11 Description: The issue arises from the rework of the Remember me cookie in Symfony version 5.3.0, where the cookie is not invalidated when a user changes their password. This allows attacke...
Sensio Labs Symfony authorization issue vulnerability
Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools that can be used to quickly create complex web programs. An authorization issue vulnerability exists in Symfony...
OESA-2021-1428 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Use of a Key Past its Expiration Date
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the inclusion of an expired certificate in the ca-bundle.crt file. An attacker can potentially leverage th...
Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerabilities
Multiple vulnerabilities in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected...
DRUPAL-CONTRIB-2021-042
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bund...
Linkit - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-042
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. It does not sufficiently sanitize user input. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bund...
CVE-2021-34410
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root...
CVE-2021-36096 Support Bundle includes S/Mime and PGP secret or PIN
Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...
Learn Ethical Hacking From Scratch — 18 Online Courses for Just $43
If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills...
com.antheminc.oss:nimbus-core (>=1.1.7 <=1.2.0.M5), com.antheminc.oss:nimbus-entity-dsl (>=1.1.7 <=1.2.0.M5) +110 more potentially affected by CVE-2021-35043 via org.owasp.antisamy:antisamy (>=1.5.7 <=1.6.3)
org.owasp.antisamy:antisamy MAVEN version =1.5.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.1, =1.2.1, =1.2.1, =1.0.5, =1.0.5, =1.0.5, =1.0.5, =1.5.14, =1.5.14, =1.5.14, =1.5.26 and more Source cves: CVE-2021-35043 Source advisory: OSV:GHSA-9C8W-JRW3-Q2C3...