
5743 matches found

Fedora
added 2020/07/15 1:11 a.m. • 17 views

[SECURITY] Fedora 31 Update: roundcubemail-1.4.7-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.2 AI score
Exploits: 0
IBM Security Bulletins
added 2020/07/11 1:19 p.m. • 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the...

9.8 CVSS, 0.9 AI score, 0.0558 EPSS
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2020/07/10 2:19 p.m. • 28 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan (CVE-2019-17495)

Summary There is a Swagger vulnerability that affects WebSphere Application Server Liberty shipped with IBM StoredIQ InstaScan. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By usi...

9.8 CVSS, 0.9 AI score, 0.0558 EPSS
Exploits: 1, Affected Software: 1
Openbugbounty
added 2020/07/03 6:11 a.m. • 6 views

visenze.com Cross Site Scripting vulnerability OBB-1214544

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits: 0
Veracode
added 2020/06/23 3:13 a.m. • 27 views

Cross-Site Scripting (XSS)

css-validator is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the URL when an error message is displayed...

5.4 CVSS, 3.9 AI score, 0.0055 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2020/06/22 4:15 p.m. • 17 views

CVE-2020-4070

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...

5.4 CVSS, 6.1 AI score
Exploits: 0, References: 2
NVD
added 2020/06/22 4:15 p.m. • 23 views

CVE-2020-4070

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...

5.4 CVSS, 0.0055 EPSS
Exploits: 0, References: 2
Prion
added 2020/06/22 4:15 p.m. • 19 views

Cross site scripting

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...

3.5 CVSS, 5.2 AI score, 0.0055 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/06/22 3:40 p.m. • 30 views

CVE-2020-4070 Cross-site Scripting in CSS Validator

In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9...

4.6 CVSS, 5.2 AI score, 0.0055 EPSS
Exploits: 0, References: 2
CVE
added 2020/06/22 3:40 p.m. • 54 views

CVE-2020-4070

The CVE-2020-4070 issue affects the CSS Validator. The vulnerability is a cross-site scripting (XSS) flaw in how URIs are handled, triggered when a user clicks a specially crafted validator link. The problem is scoped to CSS Validator builds up to commit 54d68a1, and a patch was applied in commit...

5.4 CVSS, 4.7 AI score, 0.0055 EPSS
Exploits: 0, References: 2, Affected Software: 1
Fedora
added 2020/06/19 1:7 a.m. • 35 views

[SECURITY] Fedora 31 Update: roundcubemail-1.4.6-1.fc31

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.8 CVSS, 0.2 AI score, 0.84456 EPSS
Exploits: 3
Fedora
added 2020/06/19 1:5 a.m. • 41 views

[SECURITY] Fedora 32 Update: roundcubemail-1.4.6-1.fc32

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.8 CVSS, 0.2 AI score, 0.84456 EPSS
Exploits: 3
Openbugbounty
added 2020/06/18 4:4 p.m. • 5 views

ulakbag.ulakbim.gov.tr Cross Site Scripting vulnerability OBB-1200600

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits: 0
Tenable Nessus
added 2020/06/18 12:0 a.m. • 29 views

SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)

This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. Note that...

7.1 CVSS, 6.2 AI score, 0.12996 EPSS
Exploits: 5, References: 7
IBM Security Bulletins
added 2020/06/12 8:19 p.m. • 20 views

Security Bulletin: Vulnerability in Swagger affects IBM Spectrum Protect Plus (CVE-2019-17495)

Summary A security vulnerability in Swagger which could allow a remote attacker to obtain sensitive information affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS...

9.8 CVSS, 1.4 AI score, 0.0558 EPSS
Exploits: 1, Affected Software: 1
Hacker One
added 2020/06/10 11:42 p.m. • 151 views

h1-ctf: [h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments

Hi, First things first, the flag of the CTF challenge. F863095 Write-Up I've published my write-up at https://kapytein.nl/texts/2020-06-10-h1-2006-ctf-writeup-2cf34abd3ed/, in order to avoid a lengthy report 😅. TL;DR 1 2FA bypass as we control both values on the comparison. 2 SSRF to...

2.2 AI score
Exploits: 0
Hacker One
added 2020/06/10 7:52 p.m. • 99 views

h1-ctf: [h1-2006 2020] Chained vulnerabilities lead to account takeover

Summary Mårten Mickos lost his account for BountyPay, the new service HackerOne is using to pay bug bounties. In this report I explain how I accessed a customer's account using a log file and bypassed its 2FA validation. I then leverage an open redirect bug to gain access to an internal server an...

6.7 AI score
Exploits: 0
Openbugbounty
added 2020/06/08 6:11 a.m. • 10 views

csscreator.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1188571 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.7 AI score
Exploits: 0
OSV
added 2020/06/07 10:17 p.m. • 4 views

OPENSUSE-SU-2020:0780-1 Security update for libcroco

This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. - CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. This update...

7.1 CVSS, 6.4 AI score, 0.12996 EPSS
Exploits: 5, References: 5
Veracode
added 2020/06/04 5:19 a.m. • 25 views

Remote Code Execution

sabberworm/php-css-parser is vulnerable to remote code execution. Untrusted user input is passed into eval when the functions allSelectors or getSelectorsBySpecificity are called which will lead to arbitrary code execution...

9.8 CVSS, 6 AI score, 0.55084 EPSS
Exploits: 4, References: 6, Affected Software: 1