Cross site scripting

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...

CVE-2019-14961

JetBrains Upsource prior to 2019.1.1412 is affected by a Cross‑Site Scripting (XSS) vulnerability due to insufficient escaping of code blocks (HTML tags) in code block comments. The issue is documented across multiple sources (e.g., CVE-2019-14961, JetBrains Security Bulletin Q2 2019) and is reso...

Privilege Escalation

Oracle Java SE is vulnerable to privilege escalation vulnerability. The vulnerability exists in the Java SE, Java SE Embedded component of Oracle Java SE due to an unknown code block of the component Hotspot. An unauthenticated attacker with network access via multiple protocols could compromise...

Easy WP SMTP v1. 3. 9）0 day vulnerability is being attacked in the process and reproducibility-vulnerability warning-the black bar safety net

Foreword Your own blog site with wordpres hosting, last month found some abnormalities. 3.12 days, the mailbox explosion, received more than 100 letter on the site is the blasting of the notification mail. ! Day to see also not strange, because before it appeared such a situation, every day there...

Cross-Site Scripting (XSS)

erusev/parsedown is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the contents of any element with a specific class when safe-mode is used and HTML markup is disabled. This is possible as spaces are permitted in code...

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

Design/Logic Flaw

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVE-2019-10905

Parsedown before 1.7.2 is vulnerable. When safe mode is enabled and HTML markup is disabled, spaces in code block infostrings can cause a script to execute arbitrary JavaScript in an element with a class starting language-, enabling cross-site scripting. Root cause: spaces in code block infostrin...

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

Fedora 28 : php-erusev-parsedown (2019-009fdcfb60)

1.7.1 - \475: 'Loose' lists will now contain paragraphs in all items, not just some. - \433: Links will no longer be double nested - \525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - \561: The mbstring extension which we already depend on has been...

Fedora 29 : php-erusev-parsedown (2019-b02e9bf467)

1.7.1 - \475: 'Loose' lists will now contain paragraphs in all items, not just some. - \433: Links will no longer be double nested - \525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - \561: The mbstring extension which we already depend on has been...

systemd - 'chown_one()' Dereference Symlinks

I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.mdsecurity-vulnerability-reports . When chownone in the recursive chown logic decides that it has to change ownership of a directory entry, it...

XSS Vulnerability in Code Block Macro

h3. Summary There appears to be an XSS vulnerability when using the powershell syntax from within the Confluence Code Block Macro h3. Environment Confluence 6.6.6 h3. Steps to Reproduce Create a test page add macros code block select language=powershell enter...

Stored XSS in Confluence / Links in Code Block

This is reported from bugcrowd: publish code block with content single quotes included: 'https://w3.org/"style="width:100%;height:100%;position:fixed;left:0;top:0"onmousemove=alert1//' That should work both in comment and article sections...

HackerOne: Markdown code block sequence makes report unreadable

Proof of Concept Submitting a report/comment with an input like the following "Three backticks followed by a newline followed by -ddd/d" will cause the report to be unreadable I think it's because the parser is crashing? The attached file includes the input that I'm trying with difficulty to...

CVE-2012-4357

Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code blo...

CVE-2012-4357

Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code blo...

Class-Name Injection

Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...