18 matches found
[SECURITY] Fedora 40 Update: xmlgraphics-commons-2.9-3.fc40
Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to Twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...
GHSA-VR7M-R9VM-M4WF PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to Twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...
fo-hoteldieu.eg2.fr Cross Site Scripting vulnerability OBB-3386986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview canopy-common-fo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
SUSE CVE-2021-30470
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions can lead to a stack overflow...
MAL-2023-157 Malicious code in canopy-common-fo (npm)
Source: ghsa-malware fd983235acbe60ea7ab43744193a666e61c5bc35a50e7332217b14925f9d557c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in canopy-common-fo (npm)
Source: ghsa-malware fd983235acbe60ea7ab43744193a666e61c5bc35a50e7332217b14925f9d557c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
new packages: hunspell-fo
An update is available for hunspell-fo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
EjuCMS fo***.php file has SQL injection vulnerability
EjuCMS is a localized O2O real estate website platform system. A SQL injection vulnerability exists in the EjuCMS fo.php file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in the fo***.class.php file of Laikai e-commerce management system
Laike e-commerce management system is an open source e-commerce management system. A SQL injection vulnerability exists in the fo.class.php file of the Laike e-commerce management system. An attacker can use the vulnerability to obtain sensitive information...
File upload vulnerability in myucms fo***.php page
MyuCMS is an open source content management system developed using ThinkPHP community mall. A file upload vulnerability exists in the myucms fo.php page. An attacker can exploit the vulnerability to upload any file...
SQL Injection Vulnerability in eDoc Backend fo***.aspx Page
The electronic document library eDoc is a click document management system developed by Anhui Qixing Studio. A SQL injection vulnerability exists in the eDoc backend fo.aspx page. Attackers can use the vulnerability to obtain sensitive database information...
PbootCMS V1.1.7 SQL Injection Vulnerability in Fo***.php Page
PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS V1.1.7 Fo.php page has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
ESPCMS Enterprise Website Management System V6.7.17.08.07 SQL Injection Vulnerability in fo***.php Page
ESPCMS is an enterprise website management system developed and built on LAMP. A SQL injection vulnerability exists in the fo.php page of ESSENCE ESPCMS Enterprise Website Management System V6.7.17.08.07. An attacker can exploit the vulnerability to obta...
fo-online.jp XSS vulnerability
Open Bug Bounty ID: OBB-411490

Description | Value
---|---
Affected Website: | fo-online.jp
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...
deV!L'z Clanportal 1.5.2 Remote File Inclusion
deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability...