PT-2021-19240 · Telegram · Telegram iOS
Name of the Vulnerable Software and Affected Versions: Telegram Android versions prior to 7.1.0 (2090), Telegram iOS versions prior to 7.1, Telegram macOS versions prior to 7.1. Description: The issue is a heap buffer overflow in the VGradientCache::generateGradientColorTable function of th...
PT-2021-19241 · Telegram · Telegram iOS
Name of the Vulnerable Software and Affected Versions: Telegram Android versions prior to 7.1.0 (2090), Telegram iOS versions prior to 7.1, Telegram macOS versions prior to 7.1. Description: A heap buffer overflow issue exists in the LOTGradient::populate function of the custom fork of the rlottie...
Cross-site Scripting (XSS) - Reflected in forkcms/forkcms
✍️ Description Fork CMS is vulnerable to XSS when editing the ID of an Online movies media item. 🕵️♂️ Proof of Concept 1. As an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies (Youtube, Vimeo, ...) and click on Next. 4. Select any...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2021-34510)
Fork is an easy-to-use, open source CMS built on Symfony components. A persistent cross-site scripting vulnerability exists in Fork CMS version 5.8.2. It can be exploited to inject arbitrary JavaScript code via the navigationtitle and title parameters in /private/en/pages/add...
CVE-2020-23263
A persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...
CVE-2020-23264
A cross-site request forgery (CSRF) vulnerability in Fork CMS before 5.8.2 allows remote attackers to hijack the authentication of logged-in administrators...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Fork CMS before 5.8.2 allows remote attackers to hijack the authentication of logged-in administrators...
CVE-2020-23264
CVE-2020-23264 is a CSRF vulnerability in the Fork CMS platform, affecting versions before 5.8.2. The issue allows remote attackers to hijack the authentication of logged-in administrators. The provided documents specify the vulnerability but do not include a concrete root-cause analysis or expl...
CVE-2020-23263
Fork CMS 5.8.2 is affected by a persistent cross-site scripting (XSS) vulnerability (CVE-2020-23263). Attack vector: remote, via user-supplied data in the navigation_title and title parameters on /private/en/pages/add. Impact described as injection of arbitrary JavaScript code; authenticated/unauthen...
Fork CMS cross-site scripting vulnerability
Fork is an easy-to-use, open source CMS built on Symfony components. A persistent cross-site scripting vulnerability exists in Fork CMS version 5.8.2. It can be exploited to inject arbitrary JavaScript code via the navigationtitle and title parameters in /private/en/pages/add...
Lack of chain information in the signed data leads to potential replay attacks.
Handle: shw. Vulnerability details. Impact: The Offer structure, whose hash is signed by a maker, does not contain any information about the current chain. Therefore, the signature is valid on all EVM-compatible chains. In the situation of a future hard fork of the Ethereum network, the valid signatures on...
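A model of the issue in the entry above, added here as an example and not the project's own code: it contrasts a maker signature over the bare Offer struct hash with a signature over an EIP-712 digest whose domain separator carries chainId and verifyingContract, then shows what a verifier on a second chain does with each. Assumptions, all constructed for the illustration: sha3_256 stands in for keccak256, an HMAC under a secret stands in for the maker's ECDSA signature, the Offer field layout and the domain name "Exchange" are made up, and the post-fork chain is given chain id 999 while keeping the contract at the same address.

```python
import hashlib
import hmac

# Constructed key; plays the role of the maker's private key (assumption: HMAC
# replaces ECDSA, which does not change the replay argument below).
MAKER_KEY = b"constructed-maker-signing-key"


def h(data: bytes) -> bytes:
    """Hash stand-in for keccak256 (assumption: sha3_256 is used here)."""
    return hashlib.sha3_256(data).digest()


def addr_bytes(addr: str) -> bytes:
    """Left-pad a 20-byte hex address to a 32-byte ABI word."""
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")


def offer_struct_hash(offer: dict) -> bytes:
    """EIP-712 style struct hash of the Offer fields (constructed layout).
    Note what is NOT in it: no chain id, no verifying contract."""
    type_hash = h(b"Offer(address maker,uint256 amount,uint256 nonce)")
    return h(type_hash + addr_bytes(offer["maker"])
             + offer["amount"].to_bytes(32, "big")
             + offer["nonce"].to_bytes(32, "big"))


def domain_separator(chain_id: int, verifying_contract: str) -> bytes:
    """EIP-712 domain separator binding a message to one chain and one contract."""
    type_hash = h(b"EIP712Domain(string name,uint256 chainId,address verifyingContract)")
    return h(type_hash + h(b"Exchange") + chain_id.to_bytes(32, "big")
             + addr_bytes(verifying_contract))


def digest_unbound(offer: dict) -> bytes:
    """Vulnerable pattern: the maker signs the bare struct hash."""
    return offer_struct_hash(offer)


def digest_bound(offer: dict, chain_id: int, contract: str) -> bytes:
    """Fixed pattern: 0x19 0x01 || domainSeparator || structHash (EIP-712)."""
    return h(b"\x19\x01" + domain_separator(chain_id, contract) + offer_struct_hash(offer))


def sign(digest: bytes) -> bytes:
    """Signature stand-in (assumption: HMAC instead of secp256k1 ECDSA)."""
    return hmac.new(MAKER_KEY, digest, hashlib.sha3_256).digest()


def verifier_accepts(chain_id: int, contract: str, offer: dict, sig: bytes, bound: bool) -> bool:
    """What the contract on a given chain does: recompute the digest it expects
    from its own chain id and address, then check the signature against it."""
    expected = digest_bound(offer, chain_id, contract) if bound else digest_unbound(offer)
    return hmac.compare_digest(sign(expected), sig)


def replay_outcomes() -> dict:
    """Sign once for chain 1, then present the same signature on a forked chain
    (assumption: the fork adopts chain id 999 and keeps the contract address)."""
    offer = {"maker": "0x" + "11" * 20, "amount": 10 ** 18, "nonce": 7}  # constructed
    contract = "0x" + "22" * 20                                          # constructed
    sig_unbound = sign(digest_unbound(offer))
    sig_bound = sign(digest_bound(offer, 1, contract))
    return {
        "unbound_home_chain": verifier_accepts(1, contract, offer, sig_unbound, False),
        "unbound_fork_chain": verifier_accepts(999, contract, offer, sig_unbound, False),
        "bound_home_chain": verifier_accepts(1, contract, offer, sig_bound, True),
        "bound_fork_chain": verifier_accepts(999, contract, offer, sig_bound, True),
    }


if __name__ == "__main__":
    print(replay_outcomes())
```

The unbound signature is accepted on both chains, which is the replay the report describes; the bound one is rejected on the fork because the contract there recomputes a different domain separator. The check a reviewer wants when auditing such a scheme is exactly this: confirm that every signed digest runs through a domain separator that includes chainId and verifyingContract, and that the contract reads the chain id at verification time rather than caching it, so a hard fork changing the chain id invalidates the old signatures.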
UBUNTU-CVE-2021-22200
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user...
PT-2021-14911 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 and later. Description: An issue has been discovered affecting GitLab CE/EE, where under a special condition, it was possible for an anonymous user to access data of an internal repository through a public project...
Pillow -- multiple vulnerabilities
python-pillow reports: This release fixes several vulnerabilities found with OSS-Fuzz. CVE-2021-25288: Fix OOB read in Jpeg2KDecode. This dates to Pillow 2.4.0. CVE-2021-28675: Fix DoS in PsdImagePlugin. This dates to the PIL fork. CVE-2021-28676: Fix FLI DoS. This dates to the PIL fork...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
✍️ Description A cross-site scripting (XSS) issue in Fork CMS version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" parameter. 🕵️♂️ Proof of Concept Vulnerable parameter: publishontime. XSS payload: 17:59'"&%alert1 Steps to reproduce the issue: 1. Log in to the Fork admin panel. 2. ...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
✍️ Description A cross-site scripting (XSS) issue in Fork CMS version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" parameter. 🕵️♂️ Proof of Concept Vulnerable parameter: publishondate. XSS payload: '"%26%25alert1 Steps to reproduce the issue: 1. Log in to the Fork admin panel. 2. ...
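A response check for the two publishontime/publishondate reports above (and the same kind of reflection the earlier Fork CMS XSS entries describe), added here as an example and not Fork CMS code: it takes the two probe strings from the reports and classifies how a page writes them back, raw, entity-encoded, or not at all. Assumptions: the server URL-decodes the publishondate value once, so `'"%26%25alert1` reaches the template as `'"&%alert1`; the sample response bodies are constructed, not captured from Fork CMS; and because PHP's htmlspecialchars emits `&#039;` where Python's html.escape emits `&#x27;`, the escaped check accepts both spellings.

```python
import html
from urllib.parse import unquote

# Probe values taken from the two reports; the second is URL-decoded once, on the
# assumption that this is what the server sees before rendering.
PROBES = {
    "publishontime": "17:59'\"&%alert1",
    "publishondate": unquote("'\"%26%25alert1"),  # decodes to '"&%alert1
}


def escaped_forms(probe: str) -> set:
    """Entity-encoded forms of the probe: Python's html.escape spelling and the
    PHP htmlspecialchars spelling of the apostrophe."""
    e = html.escape(probe, quote=True)
    return {e, e.replace("&#x27;", "&#039;")}


def reflection_state(body: str, probe: str) -> str:
    """'raw' if the probe comes back byte-for-byte (quotes and ampersand intact,
    so it can close an attribute and start a new one), 'escaped' if only an
    entity-encoded form is present, 'absent' otherwise."""
    if probe in body:
        return "raw"
    if any(form in body for form in escaped_forms(probe)):
        return "escaped"
    return "absent"


def check_response(body: str) -> dict:
    """Classify every probe against one response body."""
    return {field: reflection_state(body, probe) for field, probe in PROBES.items()}


# Constructed responses: a template that writes the fields back verbatim, and one
# that entity-encodes them before placing them in the value attribute.
VULNERABLE_BODY = (
    '<input name="publishondate" value="\'"&%alert1">'
    '<input name="publishontime" value="17:59\'"&%alert1">'
)
FIXED_BODY = (
    '<input name="publishondate" value="&#x27;&quot;&amp;%alert1">'
    '<input name="publishontime" value="17:59&#x27;&quot;&amp;%alert1">'
)

if __name__ == "__main__":
    print("vulnerable:", check_response(VULNERABLE_BODY))
    print("fixed:     ", check_response(FIXED_BODY))
```

The point of the `escaped` branch is that a probe which disappears from the response is not evidence of a fix; the field may simply not be rendered on that page, so a retest should locate the stored value on every page that displays it (the publish date is shown in more than one place in a typical CMS) before closing the finding.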