EUVD-2021-2078

Malware in sbrugna...

CVE-2024-23190

The CVE-2024-23190 issue affects Open-Xchange App Suite (Ox App Suite) where manipulating upsell shop information in an account can lead to script execution in a user’s browser session. The root cause is improper handling of user-defined upsell content; sanitization has been improved in updates. ...

USN-5121-2: Mailman vulnerabilities

USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. CVE-2020-12108,...

Light Messages <= 1.0 - CSRF to Stored XSS

The plugin is lacking CSRF check when updating it's settings, and is not sanitising its Message Content in them even with the unfilteredhtml disallowed. As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the...

Kibana 3.1.3

We've identified two content sanitation issues in Kibana 3. While these are low impact and difficult to trigger we're releasing Kibana 3.1.3 to correct them: https://www.elastic.co/downloads/past-releases/kibana-3-1-3...

PHP Arena PAFileDB 3.1 - Multiple Remote Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12758/info Multiple remote cross-site scripting vulnerabilities affect PHP Arena PaFileDB. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...

DieselScripts Job Site Forgot.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19622/info Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may...