6 matches found
Portábilis i-Educar Security Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar, which stems from the fact that the lack of sanitization of user-controlled parameters used to dynamically generate HTML field values can...
GHSA-JX34-GQQQ-R6GM Stored XSS via HTML fields in SilverStripe Framework
SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitiseserverside config is not set to true in project code...
Stored XSS via HTML fields in SilverStripe Framework
SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitiseserverside config is not set to true in project code...
CVE-2022-25238: Stored XSS via HTML fields
More info at https://www.silverstripe.org/download/security-releases/cve-2022-25238...
lpar2rrd Security Vulnerability
Xorux LPAR2RRD is a server monitoring tool from the Czech company Xorux. A security vulnerability exists in lpar2rrd that stems from a password management error in XoruX LPAR2RRD and STOR2RRD prior to 7.30. An attacker could exploit this vulnerability to cause information disclosure due to the...
WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch
WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...