4419 matches found
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-46589)
Summary: IBM Security SOAR uses an older version of Apache Tomcat that may be identified and exploited. An update has been released which addresses these issues. Upgrading to Version 51.0.0.2 or later of IBM Security SOAR is recommended. Vulnerability Details: CVEID: CVE-2023-46589 DESCRIPTION:...
openSUSE Security Advisory (openSUSE-SU-2024:0037-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Doppler: Github app(link) Takeover Listed on "https://docs.doppler.com/docs/github-actions" page
A GitHub app presented on a Doppler documentation page was vulnerable to takeover, enabling attackers to achieve malicious objectives. The app link has since been removed or replaced to mitigate this vulnerability...
CVE-2024-1624 OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...
CVE-2024-27285
A flaw was found in the YARD Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file...
CVE-2024-0692
creationtimestamp | type | source
---|---|---
2024-03-01 10:21:46+00:00 | seen | https://t.me/ctinow/197474
2024-03-01 10:26:51+00:00 | seen | https://t.me/ctinow/197477
2024-03-15 04:09:49+00:00 | seen | https://t.me/arpsyndicate/4214
2024-03-28 22:46:22+00:00 | published-proof-of-concept | ...
SUSE-SU-2024:0726-1 Security update for Java
This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: New features: + Added Maven property project.build.outputTimestamp for build reproducibility Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version...
UBUNTU-CVE-2024-27285
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
CVE-2024-27285
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
Cross site scripting
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
CVE-2024-27285 YARD's default template vulnerable to Cross-site Scripting in generated frames.html
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
CVE-2024-27285
CVE-2024-27285 affects YARD, a Ruby documentation generator. The vulnerability lies in the generated frames.html, where inadequate sanitization in the JavaScript of the frames.erb template allowed Cross-Site Scripting (XSS). Public advisories (Debian, Fedora, Ubuntu, NVD) attribute the issue to Y...
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary: The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details: The vulnerability stems from mishandling...
PT-2024-21793 · Yard +4 · Yard +4
Name of the Vulnerable Software and Affected Versions: YARD versions prior to 0.9.36. Description: The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of th...
[SECURITY] Fedora 38 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc38
This module is an adaptor for that reads XLSX files. For documentation about the various data that you can retrieve from these classes, please see , , , and...
[SECURITY] Fedora 39 Update: perl-Spreadsheet-ParseXLSX-0.31-1.fc39
This module is an adaptor for that reads XLSX files. For documentation about the various data that you can retrieve from these classes, please see , , , and...
GHSA-63H4-W25C-3QV4 Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
TL;DR: This vulnerability affects Kirby sites that use the new link field and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by another user or visitor. The link dialog of the writer field is not affected as the writer field...