Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18...

CVE-2023-51668

Technical details are not publicly provided in the connected documents. The initial entry notes a CSRF vulnerability in WP Zone Inline Image Upload for BBPress (affecting up to 1.1.18); no further specifics are included here. Monitor for updates.

WordPress Plugin Inline Image Upload for BBPress Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2023-50871

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed...

CVE-2023-50871

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed...

Authorization

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed...

CVE-2023-50871

In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed...

CVE-2023-50871

The CVE covers a vulnerability in JetBrains YouTrack: prior to 2023.3.22268, an authorization check for inline comments inside thread replies could be bypassed, exposing unauthorized access to sensitive inline-comment data. Affected software is JetBrains YouTrack (pre-2023.3.22268); root cause is...

Cross-site Scripting (XSS)

Overview Squidex.ClientLibrary is a ClientLibrary for Squidex Headless CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due an incomplete blacklist in the SVG inspection process. An attacker can inject malicious JavaScript via the SRC attribute of an IFRAME elemen...

GHSA-92R3-M2MG-PJ97 Vite XSS vulnerability in `server.transformIndexHtml` via URL payload

Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload

Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...

Cross-site Scripting (XSS)

vite is vulnerable to Cross-Site Scripting. This vulnerability exists because it does not properly sanitize inline scripts in the server.transformIndexHtml function, allowing an attacker to inject and execute malicious JavaScript into the browser. This vulnerability is only exploitable if the...

CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite

Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...

CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite

Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...

PT-2023-7610

Name of the Vulnerable Software and Affected Versions Vite versions prior to 4.4.12 Vite versions prior to 4.5.1 Vite versions prior to 5.0.5 Description The issue is related to Vite's HTML transformation when invoked manually via server.transformIndexHtml. If the original request URL is passed i...

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.

Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...

kernel: ext4: fix WARNING in ext4_update_inline_data

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4updateinlinedata Syzbot found the following issue: EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation...

libreoffice: Remote documents loaded without prompt via IFrame

A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating...