Apache Superset Stored XSS on Dashboard markdown

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

GHSA-W358-RJ93-R5QV Apache Superset Stored XSS on Dashboard markdown

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

GHSA-RP4X-H577-CHVQ Stored XSS vulnerability in Jenkins Active Choices Plugin

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.7...

GHSA-MPH8-6787-R8HW Use After Free in Hermes

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

GHSA-6Q5M-22MQ-Q2XV Istio Authorization Bypass Vulnerability

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters %2F or %5C could potentially bypass an Istio authorization policy when path based authorization rules are used...

Magento information disclosure vulnerability

When in maintenance mode, Magento version 2.4.0 and 2.3.4 and earlier are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable...

Stored XSS vulnerability in android-lint Plugin

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

Stored XSS vulnerability in Jenkins Git Parameter Plugin

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Git Parameter Plugin 0.9.13 escapes the repository field o...

GHSA-3MWJ-7VMQ-W43P Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

GHSA-9R3H-WM3X-V245 RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin

ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to ElasticBox Jenkins Kubernetes CI/CD...

GHSA-JF8X-943C-R4H6 Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names...

Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names...

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to...

Matrikon OPC Server

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...

KiviCare < 2.3.9 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users PoC With at least one doctor created via the plugin: v 2.3.4 curl...

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...

CVE-2020-6105

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...

Mitsubishi Electric MELSEC iQ-F Series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01...