286 matches found
DRUPAL-CONTRIB-2024-009
The CKEditor 4 LTS - WYSIWYG HTML editor module uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that on certain configurations may impact the Drupal module that bundles and integrates this code. The vulnerability is mitigated by the fact it requires: 1...
CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009
The CKEditor 4 LTS - WYSIWYG HTML editor module uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that on certain configurations may impact the Drupal module that bundles and integrates this code. The vulnerability is mitigated by the fact it requires: full-pa...
SUSE CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...
DEBIAN-CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
UBUNTU-CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
PT-2024-20582 · Ckeditor4 +3 · Ckeditor4 +3
Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.24.0-lts Description: A cross-site scripting vulnerability has been discovered in the core HTML parsing module of CKEditor4. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...
Apache ActiveMQ Unauthenticated Remote Code Execution
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. Module Options msf use...
Debian dla-3565 : ruby-loofah - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3565 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3565-1 [email protected]...
CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
Server side request forgery (ssrf)
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery SSRF...
CVE-2023-24243
CVE-2023-24243 : The Nuclei template for CVE-2023-24243 details a Server-Side Request Forgery (SSRF) in CData RSB Connect v22.0.8336 . The vulnerability enables an attacker to trigger the server to make arbitrary outbound requests, with potential for unauthorized access or data leakage as implied...
PT-2023-19496 · Cdata · Cdata Rsb Connect
Name of the Vulnerable Software and Affected Versions: CData RSB Connect version 22.0.8336 Description: A Server-Side Request Forgery SSRF issue was discovered. This issue allows an attacker to trick the server into making unintended requests, potentially leading to unauthorized access to sensiti...