2120 matches found

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33522 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18 Description: The issue is related to resolving backrefs for inline extent followed by prealloc in btrfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.2 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33949 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: A bug exists in the ext4 file system, specifically in the ext4_clu_mapped function when used with bigalloc and inline features. The actual impact and potential for exploitation have not bee...

7.3 AI score
Exploits 0 · References 1

WPVulnDB
added 2023/01/13 12:0 a.m. · 63 views

MonsterInsights < 8.12.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, add an "Inline Popular Posts" to...

5.4 CVSS · 1.6 AI score · 0.0028 EPSS
Exploits 2 · Affected Software 1

Github Security Blog
added 2023/01/07 12:30 p.m. · 32 views

Inline SVG vulnerable to Cross-site Scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

6.1 CVSS · 6 AI score · 0.00661 EPSS
Exploits 0 · References 8 · Affected Software 1

OSV
added 2023/01/07 10:15 a.m. · 18 views

CVE-2020-36644

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

6.1 CVSS · 6.1 AI score
Exploits 0 · References 5

Prion
added 2023/01/07 10:15 a.m. · 16 views

Cross site scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

5.8 CVSS · 6 AI score · 0.00661 EPSS
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2023/01/07 9:2 a.m. · 6 views

CVE-2020-36644 jamesmartin Inline SVG URL Parameter helpers.rb cross site scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

4 CVSS · 6.2 AI score · 0.00661 EPSS
Exploits 0 · References 5

CVE
added 2023/01/07 9:2 a.m. · 61 views

CVE-2020-36644

Inline SVG by jamesmartin is affected up to version 1.7.1. The vulnerability resides in the URL Parameter Handler, specifically lib/inline_svg/action_view/helpers.rb, where manipulating the filename argument can trigger cross-site scripting. It can be exploited remotely. Upgrading to version 1.7....

6.1 CVSS · 4.8 AI score · 0.00661 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2023/01/07 9:2 a.m. · 16 views

CVE-2020-36644 jamesmartin Inline SVG URL Parameter helpers.rb cross site scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

4 CVSS · 6 AI score · 0.00661 EPSS
Exploits 0 · References 5

CNNVD
added 2023/01/07 12:0 a.m. · 1 views

Inline SVG cross-site scripting vulnerability

Inline SVG is a library from the personal developer James Martin. SVG documents are styled for use on the Web using CSS by adding classes to the document and embedding them in HTML. A cross-site scripting vulnerability exists in Inline SVG that stems from unknown functionality in the file...

6.1 CVSS · 4.2 AI score · 0.00661 EPSS
Exploits 0 · References 6

CNNVD
added 2023/01/07 12:0 a.m. · 1 views

Inline SVG SQL injection vulnerability

Inline SVG is a library from the personal developer James Martin. SVG documents are styled for use on the Web using CSS by adding classes to the document and embedding them in HTML. Inline SVG suffers from a SQL injection vulnerability that originates from an unknown section and operates to cause...

9.8 CVSS · 6.6 AI score · 0.00348 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/01/07 12:0 a.m. · 2 views

PT-2023-11814 · Unknown · Jamesmartin Inline Svg

Name of the Vulnerable Software and Affected Versions: jamesmartin Inline SVG versions up to 1.7.1 Description: A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline_svg/action_view/helpers.rb. The manipulation of the argument filename leads to...

6.1 CVSS · 4.2 AI score · 0.00661 EPSS
Exploits 0 · References 13

RubySec
added 2023/01/07 12:0 a.m. · 13 views

Inline SVG vulnerable to Cross-site Scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

6.1 CVSS · 1.4 AI score · 0.00661 EPSS
Exploits 0 · References 1 · Affected Software 1

Fedora
added 2023/01/01 1:38 a.m. · 23 views

[SECURITY] Fedora 37 Update: w3m-0.5.3-58.git20220429.fc37

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...

7.8 CVSS · 0.2 AI score · 0.00142 EPSS
Exploits 1

vulnersOsv
added 2022/12/23 12:30 a.m. · 3 views

a2ml (>=0.1.0 <=0.1.2), aadetools (>=0.0.3 <=0.0.5) +629 more potentially affected by CVE-2022-40898 via wheel (>=0.24.0 <=0.38.0)

wheel PYPI version =0.24.0, =0.1.0, =0.0.3, =3.0.0, =0.1.1, =0.1.0, =1.0.0, =0.14.0, =1.4.6, =1.0.1, =1.0.17, =3.9.0, =2.4.1, =4.1.1 and more Source cves: CVE-2022-40898 Source advisory: OSV:GHSA-QWMP-2CF2-G9G6...

7.5 CVSS · 6.8 AI score · 0.00199 EPSS
Exploits 1

OSV
added 2022/12/19 9:30 p.m. · 1 views

CVE-2022-23543 HTML attributes when attaching a YouTube link to the post

Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped...

6.3 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits 0 · References 3

RedHat Linux
added 2022/11/21 12:51 p.m. · 2 views

Mozilla: Iframe contents could be rendered outside the iframe

The Mozilla Foundation Security Advisory describes this flaw as: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks...

6.5 CVSS · 7.3 AI score · 0.00139 EPSS
Exploits 0 · References 6

RedHat Linux
added 2022/11/21 11:33 a.m. · 3 views

Mozilla: Iframe contents could be rendered outside the iframe

The Mozilla Foundation Security Advisory describes this flaw as: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks...

6.5 CVSS · 7.3 AI score · 0.00139 EPSS
Exploits 0 · References 6

RedHat Linux
added 2022/11/15 11:55 a.m. · 2 views

kernel: net: preserve skb_end_offset() in skb_unclone_keeptruesize()

In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARNONONCEdelta truesize value, we also need to make sure TCP won't fill new tailroom that pskb_expand_head() was able to get from a...

5.5 CVSS · 6.1 AI score · 0.00071 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/11/15 11:55 a.m. · 1 views

kernel: ext4: fix bug_on in ext4_writepages

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error device loop0: ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here ------------ kernel...

5.5 CVSS · 6.3 AI score · 0.00005 EPSS
Exploits 0 · References 5