Lucene search

1002 matches found

Cvelist
added 2021/09/07 9:45 p.m., 11 views

CVE-2021-32802 Preview generation used third-party library not suited for user-generated content in Nextcloud server

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

CVSS: 9.3 | AI score: 9.5 | EPSS: 0.02254
Exploits: 0 | References: 4
Tenable Nessus
added 2021/09/01 12:0 a.m., 27 views

RHEL 8 : cloud-init (RHSA-2021:3371)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3371 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00061
Exploits: 0 | References: 5
CNNVD
added 2021/08/31 12:0 a.m., 1 views

Outsystems OutSystems Platform cross-site scripting vulnerability

Outsystems OutSystems Platform is a set of enterprise-level low-code development platform from OutSystems Outsystems. The platform is primarily used for the visual development of applications. A cross-site scripting vulnerability exists in OutSystems Platform that stems from a stored XSS...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00419
Exploits: 0 | References: 2
Openbugbounty
added 2021/08/25 12:44 p.m., 22 views

travelmanagers.com.au Cross Site Scripting vulnerability OBB-2125991

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0
Microsoft Malware Protection
added 2021/08/18 4:15 p.m., 28 views

Trend-spotting email techniques: How modern phishing emails hide in plain sight

With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscur...

Exploits: 0
Microsoft Secure
added 2021/08/18 4:15 p.m., 44 views

Trend-spotting email techniques: How modern phishing emails hide in plain sight

With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscur...

Exploits: 0
NVD
added 2021/08/17 11:15 p.m., 12 views

CVE-2021-39250

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

CVSS: 5.4 | EPSS: 0.00455
Exploits: 1 | References: 2
Prion
added 2021/08/17 11:15 p.m., 19 views

Cross site scripting

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00455
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/17 10:2 p.m., 13 views

CVE-2021-39250

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

AI score: 5.7 | EPSS: 0.00455
Exploits: 1 | References: 2
Tenable Nessus
added 2021/08/16 12:0 a.m., 32 views

CentOS 8 : cloud-init (CESA-2021:3081)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:3081 advisory. - cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Note that Nessus has not tested for this issue but has...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00061
Exploits: 0 | References: 2
CNVD
added 2021/08/12 12:0 a.m., 41 views

ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

CVSS: 6.9 | AI score: 3.4 | EPSS: 0.0043
Exploits: 0 | References: 1
OSV
added 2021/08/10 12:1 p.m., 14 views

RLSA-2021:3081 Moderate: cloud-init security update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: randomly generated passwords logged in clear-text to...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00061
Exploits: 0 | References: 2
NVD
added 2021/07/22 5:15 p.m., 13 views

CVE-2021-37403

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...

CVSS: 6.1 | EPSS: 0.00487
Exploits: 0 | References: 2
NVD
added 2021/07/22 5:15 p.m., 14 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

CVSS: 6.1 | EPSS: 0.0065
Exploits: 2 | References: 3
Prion
added 2021/07/22 5:15 p.m., 19 views

Cross site scripting

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00487
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2021/07/22 5:15 p.m., 15 views

Cross site scripting

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

CVSS: 4.3 | AI score: 6 | EPSS: 0.0065
Exploits: 2 | References: 3 | Affected Software: 1
CVE
added 2021/07/22 4:19 p.m., 40 views

CVE-2021-37403

OX App Suite vulnerable to XSS via a code snippet in user-generated content when a sharing link is created and an App Loader relative URL is used. Affected versions: before 7.10.3-rev32 and before 7.10.4-rev18. The vulnerability stems from how the App Loader relative URL handles shared links. Rem...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00487
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/07/22 4:7 p.m., 15 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

AI score: 6.2 | EPSS: 0.0065
Exploits: 2 | References: 3
CVE
added 2021/07/22 4:7 p.m., 47 views

CVE-2021-26698

Open-Xchange OX App Suite is affected by a cross-site scripting vulnerability in older releases. Affected products: OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18. The issue arises when a sharing link is created and the dl parameter is used, allowing XSS via user-generated co...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0065
Exploits: 2 | References: 3 | Affected Software: 1
OSV
added 2021/07/05 11:15 p.m., 2 views

ALPINE-CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.00069
Exploits: 0 | References: 1