[SECURITY] [DLA 3428-1] node-nth-check security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3428-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 20, 2023 https://wiki.debian.org/LTS -...

CVE-2022-47183 WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin = 0.2.6 versions...

CVE-2022-47183

CVE-2022-47183 concerns the WordPress plugin “StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks” (versions 0.2.6) to mitigate the CSRF vulnerability; no exploit details are provided in the supplied documents.

dmtemdebate.com.br Cross Site Scripting vulnerability OBB-3352078

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress FooGallery Plugin < 2.0.35 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fooplugins:foogallery"; if description...

MGASA-2023-0169 Updated golang packages fix security vulnerability

Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...

Updated golang packages fix security vulnerability

Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...

Code Injection

go is vulnerable to Code Injection. The vulnerability causes CSS contexts to unexpectedly close if templates contains multiple actions separated by a '/' are included which could result in injections of unexpected HTML...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM : css-what vulnerabilities (USN-6065-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6065-1 advisory. It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

AZL-52668 CVE-2023-24539 affecting package golang for versions less than 1.20.7-1

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

AZL-26625 CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

DEBIAN-CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

AZL-37362 CVE-2023-24539 affecting package golang for versions less than 1.21.6-1

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

AZL-37307 CVE-2023-24539 affecting package golang for versions less than 1.21.6-1

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

UBUNTU-CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVE-2023-24539

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

Input validation

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...

CVE-2023-24539 Improper sanitization of CSS values in html/template

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...