14 matches found

RedHat Linux
added 2024/11/12 9:11 a.m. | 5 views

kernel: ext4: avoid online resizing failures due to oversized flex bg

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbgsize, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARNO...

5.5 CVSS | 6.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 5
Kitploit
added 2023/08/12 12:30 p.m. | 25 views

Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features

Columbus Project is an API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features. Columbus returned 638 subdomains of tesla.com in 0.231 sec. Usage: By default Columbus returns only the subdomains in a JSON string array: curl...

7.2 AI score
Exploits: 0 | References: 1
OSV
added 2022/10/28 5:15 p.m. | 2 views

CVE-2022-43169

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...

5.4 CVSS | 5.9 AI score | 0.07331 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2022/09/12 9:15 p.m. | 1 views

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

6.1 CVSS | 5.9 AI score | 0.10705 EPSS
Exploits: 1 | References: 3
OSV
added 2022/09/12 9:15 p.m. | 2 views

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

6.1 CVSS | 5.9 AI score | 0.10705 EPSS
Exploits: 1 | References: 1
Cvelist
added 2022/09/12 8:43 p.m. | 11 views

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

6.3 AI score | 0.10705 EPSS
Exploits: 1 | References: 1
CNNVD
added 2022/09/12 12:0 a.m. | 1 views

CuppaCMS cross-site scripting vulnerability

CuppaCMS is a content management system (CMS). A security vulnerability exists in CuppaCMS v1.0, which originates from a cross-site scripting vulnerability in /tablemanager/view/cuusergroups that allows an attacker to execute arbitrary web script or HTML via a specially crafted payload injected int...

6.1 CVSS | 6.3 AI score | 0.10705 EPSS
Exploits: 1 | References: 2
OSV
added 2022/08/26 6:15 p.m. | 15 views

CVE-2022-0225

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...

5.4 CVSS | 5 AI score
Exploits: 0 | References: 2
Veracode
added 2021/12/02 5:29 a.m. | 11 views

Cross-site Request Forgery (CSRF)

showdoc/showdoc is vulnerable to cross-site request forgery. The library does not verify the authenticity of requests due to a lack of anti-CSRF protection, allowing an attacker to create a new group for any item if users visit the attacker site...

8.8 CVSS | 5.5 AI score | 0.00142 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2019/06/17 6:15 p.m. | 13 views

Cross site scripting

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

4.3 CVSS | 5.9 AI score | 0.00426 EPSS
Exploits: 4 | References: 2 | Affected Software: 1
Cvelist
added 2015/07/14 4:0 p.m. | 14 views

CVE-2015-5521

Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php...

5 AI score | 0.0024 EPSS
Exploits: 1 | References: 2
Hacker One
added 2014/04/19 1:50 a.m. | 21 views

Localize: Full Path Disclosure / Info Disclosure in Creating New Group

Hi, I found another information disclosure vulnerability/Full Path Disclosure on your application. This time it's on Creating New Group Section. Proof of Concept ------------------------- GET : http://www.localize.io/pages/createproject/ project ID POST CONTENT: CSRFToken=TOKEN...

6.6 AI score
Exploits: 0
securityvulns
added 2012/12/18 12:0 a.m. | 68 views

Addressbook v8.1.24.1 Group Name XSS

Instructions. After authentication, click on the Group tab at the top. Click on the New Group Button on the group page. For the group name the first field enter the following XSS test string: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> Then call the XSS string from the URL -- technically one...

6.1 AI score
Exploits: 0
Packet Storm
added 2012/12/13 12:0 a.m. | 25 views

Addressbook 8.1.24.1 / 8.2.5 Cross Site Scripting

Instructions. After authentication, click on the Group tab at the top. Click on the New Group Button on the group page. For the group name the first field enter the following XSS test string: alert(String.fromCharCode(88,83,83)) Then call the XSS string from the URL -- technically one calls the group...

7.4 AI score
Exploits: 0