3 matches found
CLSA-2025-1757427057 grafana: Fix of CVE-2022-23552
CVE-2022-23552: sanitize SVG inputs in GeoMap by adding a dompurify preprocessor step, preventing stored XSS where malicious SVG could execute arbitrary JavaScript...
grafana: persistent xss in grafana core plugins
A flaw was found in The GeoMap and Canvas plugins of Grafana. The GeoMap and Canvas plugins are core plugins in Grafana, which means that all Grafana instances have GeoMap and Canvas installed. These two plugins are vulnerable to Cross-site scripting, where an attacker with an Editor role can add...
Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...