4 matches found
PT-2024-36730 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408
Description: The issue allows malicious payloads to be stored and subsequently executed in users' browsers under specific conditions. This is a result of XSS from JavaScript in an SVG...
PT-2024-9339 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 8.8.0 through 10.2.11; Drupal Core versions 10.3.0 through 10.3.9; Drupal Core versions 11.0.0 through 11.0.8
Description: The issue is related to insufficient protection of the web page structure, allowing an attacker to...
PT-2023-6795 · Apple +6 · Safari +7
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17
Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...
GHSA-W4PJ-7P68-3VGV Stored XSS in October
Impact: A user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.
Patches: Issue has been patched in Build 466 v1.0.466 & RainLab.Blog v1.4.1 by restricting the...