17 matches found
GHSA-G9WG-98C2-QV3V TCPDF Cross-site Scripting vulnerability
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
TCPDF Cross-site Scripting vulnerability
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
DEBIAN-CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
TCPDF security vulnerability
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.7.4, which stems from incorrectly handling calls that use HTML syntax...
CVE-2024-32489
TCPDF vulnerability CVE-2024-32489 involves mishandling calls that use HTML syntax. Connected advisories confirm impact across Debian releases with multiple CVEs in TCPDF and provide versioned fixes: Debian bullseye updates to 6.3.5+dfsg1-1+deb11u1; Debian bookworm fixes to 6.6.2+dfsg1-1+deb12u1;...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2023-34464 XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of...
Debian: Security Advisory (DLA-273-1)
The remote host is missing an update for the Debian...
How to bypass libinjection in many WAF/NGWAF
Before we start, libinjection is a very popular open-source project created by Nick Galbreath from Signal Sciences. A lot of WAFs and NGWAFs use this library instead of regular expressions because of performance. For example, modsecurity since version 2.7.4 supports libinjection by two operators ...
Debian DLA-273-1 : tidy security update
Fernando Muñoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS, or probably, execute arbitrary code. Two different CVEs were assigned to this issue...
[SECURITY] [DSA 3309-1] tidy security update
Debian Security Advisory DSA-3309-1, https://www.debian.org/security/, Alessandro Ghedini, July 18, 2015, https://www.debian.org/security/faq...
DLA-273-1 tidy - security update
Bulletin has no description...
DSA-3309-1 tidy - security update
Bulletin has no description...