2131 matches found
Arbitrary JavaScript Execution
Overview: In affected versions of less-openui5, processing untrusted theming resources might execute arbitrary code. Impact: When processing theming resources, i.e. .less files, with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be...
CVE-2021-21316
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
openSUSE Security Update : gcc7 (openSUSE-2020-2301)
This update for gcc7 fixes the following issues : - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue bsc1172798 - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instruction...
Inline JS XSS vulnerability in Mautic
Impact: Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. Patches: Upgrade to 2.12.0 or later. Workarounds: None. References: https://github.com/mautic/mautic/releases/tag/2.12.0 For mo...
OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03043)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline image with a specially crafted...
OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-03042)
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline binary to conduct a cross-site...
CVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...
CVE-2021-23931
OX App Suite through 7.10.4 allows XSS via an inline binary file...
CVE-2021-23931
OX App Suite through 7.10.4 allows XSS via an inline binary file...
CVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...
Design/Logic Flaw
OX App Suite through 7.10.4 allows XSS via an inline binary file...
Cross site scripting
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...
CVE-2021-23931
OX App Suite (version up to 7.10.4) is affected by a cross-site scripting (XSS) vulnerability in the web UI, exploitable via an inline binary file. The issue is described as XSS via an inline binary file affecting OX App Suite 7.10.4, with no explicit exploitation details or remediation steps pro...
CVE-2021-23932
CVE-2021-23932 corresponds to an XSS vulnerability in OX App Suite up to version 7.10.4, exploitable via an inline image with a crafted filename. The connected sources confirm the vulnerability description and affected product, but do not provide any remediation details (e.g., patched version) wi...
CVE-2021-23932
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline binary to conduct a cross-site...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker could exploit this vulnerability via an inline image with a specially crafted...
WordPress Newsletter plugin unsafe deserialization vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. An insecure deserialization vulnerability exists in the Newsletter plugin in WordPress versions prior to 6.8.2. An authenticated remote attacker can exploit this vulnerability to inject arbitrar...
CVE-2020-35932
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges such as subscribers to use the tpncrender AJAX action to inject arbitrary PHP objects via the optionsinlineedits parameter. NOTE: exploitability depends on PH...
WordPress Newsletter plugin Code Issue Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. An insecure deserialization vulnerability exists in the Newsletter plugin in WordPress versions prior to 6.8.2. An authenticated remote attacker can exploit this vulnerability to inject arbitrar...