matrix-media-repo security vulnerability
matrix-media-repo is a highly configurable multi-domain media repository for Matrix open-sourced by t2bot.io. A security vulnerability exists in matrix-media-repo versions prior to v1.3.8, which stems from requests made to other servers during normal operation. These resource owners can return...
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...
CVE-2023-49080
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
CVE-2023-22487
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...
Mapbox: Stored XSS | api.mapbox.com | IE 11 | Styles name
On December 24, 2019, user @renekroka reported a stored XSS injection vulnerability on api.mapbox.com that affected users in Internet Explorer 11. An attacker could store XSS injections on Mapbox servers, and then exploit them in IE11 due to JSON responses not including the X-Content-Type-Options...
CVE-2018-1360
Fortinet FortiManager 5.2.x (<=5.2.7) and 5.4.x (