7647 matches found

RedHat Linux
added 2025/06/04 1:58 a.m. | 16 views

Important: Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update

Updated images are now available for RHODF-4.16-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

7.5 CVSS | 6.8 AI score | 0.01009 EPSS
Exploits 2 | References 11

Cvelist
added 2025/06/02 4:44 p.m. | 26 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3 CVSS | 0.00167 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/06/02 4:44 p.m. | 11 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

4.3 CVSS | 4.6 AI score | 0.00167 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/05/27 5:27 a.m. | 4 views

Malicious code in firefox-screenshots (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d3138a26b7ea5f91361ed825aad5e3dc068f6b6655b68dd357565767f5ed968 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 8:7 a.m. | 23 views

CVE-2024-45879

The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to...

5.4 CVSS | 5.9 AI score | 0.00295 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 7:44 a.m. | 4 views

CVE-2024-45177

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site...

5.4 CVSS | 5.8 AI score | 0.00773 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 7:31 a.m. | 4 views

CVE-2024-40893

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various...

6.8 CVSS | 7.6 AI score | 0.01551 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 7:2 a.m. | 8 views

CVE-2024-31314

In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2 CVSS | 6.7 AI score | 0.00104 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:38 a.m. | 2 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4 CVSS | 6.5 AI score | 0.00383 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:45 a.m. | 3 views

CVE-2023-30968

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

6.8 CVSS | 5.3 AI score | 0.00456 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:42 a.m. | 7 views

CVE-2023-30452

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter...

5.4 CVSS | 6.1 AI score | 0.00337 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:42 a.m. | 5 views

CVE-2023-30453

The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter...

5.4 CVSS | 5.9 AI score | 0.00337 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:26 a.m. | 6 views

CVE-2023-25810

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.3 CVSS | 6 AI score | 0.00396 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:26 a.m. | 5 views

CVE-2023-25811

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

6.3 CVSS | 6 AI score | 0.00474 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 3:19 a.m. | 2 views

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

8.8 CVSS | 7.5 AI score | 0.00419 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:19 a.m. | 4 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8 CVSS | 7.4 AI score | 0.00419 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:56 a.m. | 19 views

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

9.8 CVSS | 7.2 AI score | 0.00372 EPSS
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/05/23 1:29 a.m. | 5 views

Malicious code in com.unity.multiplayer.tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c13b40d85fcab5bdfc69f73e935783405ed1d0304f221df3da1726462e86953 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 12:3 a.m. | 5 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

5.4 CVSS | 5.9 AI score | 0.00694 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 12:2 a.m. | 5 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1 CVSS | 6 AI score | 0.00402 EPSS
Exploits 0 | References 1