PT-2023-22639 · Beetl · Beetl
Name of the Vulnerable Software and Affected Versions: beetl version 3.15.0 Description: An issue in the render function allows attackers to execute server-side template injection SSTI via a crafted payload. Recommendations: For beetl version 3.15.0, consider disabling the render function until a...
CVE-2023-1836
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as...
GHSA-9JQ5-XWQW-Q8J3 XWiki Platform vulnerable to page render failure due to broken translations
Impact It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. Patches The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Workarounds There is no other workaround other than fixing any way...
eslint-detailed-reporter cross-site scripting vulnerability
eslint-detailed-reporter is a detailed HTML reporting program for ESLINT by the individual developer Marcelo Sauerbrunn Portugal. A cross-site scripting vulnerability exists in eslint-detailed-reporter prior to version 0.9.0, which stems from a security issue in the function renderIssue in the...
PT-2023-10163 · Bestwebsoft · Bestwebsoft Contact Form Plugin
Name of the Vulnerable Software and Affected Versions: BestWebSoft Contact Form Plugin version 1.3.4 Description: A vulnerability was found in the BestWebSoft Contact Form Plugin and classified as problematic. The issue affects the function bws add menu render of the file bws menu/bws menu.php. T...
CVE-2023-1289
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial o...
CVE-2022-47154
Cross-Site Request Forgery CSRF vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...
CVE-2022-47154 WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...
CVE-2022-25967
A flaw was found in the ETA npm package. Affected versions of this package are vulnerable to remote code execution RCE by overwriting template engine configuration variables with view options received from The Express render API...
PT-2023-15198 · Unknown · Pi Websolution Css Js Manager +1
Name of the Vulnerable Software and Affected Versions: Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin versions <= 2.4.49 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows a...
Cross site scripting
A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely...
PT-2023-10010 · Unknown · Dd32 Debug Bar Plugin
Name of the Vulnerable Software and Affected Versions: dd32 Debug Bar Plugin versions up to 0.8 Description: A vulnerability was found in the dd32 Debug Bar Plugin, which has been declared as problematic. The issue affects the render function of the file panels/class-debug-bar-queries.php, leadin...
Atlassian Jira < 8.5.13 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
Atlassian Jira 8.14.0 < 8.15.1 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
Atlassian Jira 8.6.0 < 8.13.15 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
SUSE CVE-2023-25360
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely...
SUSE CVE-2023-25361
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely...
SUSE CVE-2023-25363
A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely...
Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to React's render cycle in the "Text" plugin which passes through the unsanitized HTML code, allowing an attacker with an editor role to inject and execute malicious JavaScript, and take over the...