6714 matches found

NCSC
added 2021/03/10 12:0 a.m. (3 views)

Vulnerability fixed in GNU git

GNU has fixed a vulnerability in git. A malicious person could exploit the vulnerability to create a rogue repository from which scripts are automatically executed upon check out. This allows the malicious party to execute arbitrary code with permissions of git on the vulnerable system. GNU has...

CVSS 8, AI score 7.7, EPSS 0.88644
Exploits 5
OSV
added 2021/03/09 8:15 p.m. (2 views)

DEBIAN-CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive...

CVSS 7.5, AI score 7.4, EPSS 0.88644
Exploits 5, References 1
CNVD
added 2021/03/09 12:0 a.m. (4 views)

WESEEK GROWI cross-site scripting vulnerability (CNVD-2021-16350)

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

CVSS 5.4, AI score 6.4, EPSS 0.0065
Exploits 0, References 1
CNNVD
added 2021/03/09 12:0 a.m. (1 views)

Git Link Following Vulnerability

Git is a free, open source distributed version control system. Git suffers from a back-linking vulnerability that allows an attacker to clone to a case-insensitive filesystem using a specially crafted repository that leads to the execution of just-checked scripts...

CVSS 8, AI score 8.1, EPSS 0.88644
Exploits 5, References 30
CNVD
added 2021/03/08 12:0 a.m. (8 views)

Aruba Networks AirWave Management Platform Cross-Site Scripting Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A reflective cross-site scripting vulnerability exists in the web...

CVSS 6.1, AI score 6.5, EPSS 0.00802
Exploits 0, References 1
OSV
added 2021/03/05 11:2 a.m. (3 views)

OESA-2021-1068 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

CVSS 6.1, AI score 6.6, EPSS 0.03934
Exploits 1, References 2
CNVD
added 2021/02/24 12:0 a.m. (7 views)

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is a network access control (NAC) solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

CVSS 6.1, AI score 6.6, EPSS 0.00802
Exploits 0, References 1
CNVD
added 2021/02/24 12:0 a.m. (8 views)

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control (NAC) solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

CVSS 6.1, AI score 6.4, EPSS 0.00873
Exploits 0, References 1
CNNVD
added 2021/02/23 12:0 a.m. (4 views)

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is a network access control (NAC) solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

CVSS 6.1, AI score 6.5, EPSS 0.00802
Exploits 0, References 2
RedhatCVE
added 2021/02/19 7:36 p.m. (26 views)

CVE-2021-20066

A flaw was found in jsdom. JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVSS 6.8, AI score 1.2, EPSS 0.0139
Exploits 1, References 4
OSV
added 2021/02/17 5:15 p.m. (3 views)

CVE-2021-1351

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied...

CVSS 6.1, AI score 6.6, EPSS 0.00784
Exploits 0, References 1
OSV
added 2021/02/16 8:15 p.m. (1 views)

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVSS 5.6, AI score 6.4
Exploits 0, References 2
UbuntuCve
added 2021/02/16 8:15 p.m. (355 views)

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVSS 6.8, AI score 6.4, EPSS 0.0139
Exploits 1, References 3
Prion
added 2021/02/16 8:15 p.m. (19 views)

Code injection

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

CVSS 6.8, AI score 5.7, EPSS 0.0139
Exploits 1, References 2
CVE
added 2021/02/16 7:48 p.m. (95 views)

CVE-2021-20066

CVE-2021-20066 affects the JSDom project and describes an issue where local resources can be loaded improperly, allowing a malicious web page to manipulate local files when script execution is enabled. The core description across sources states that loading of local resources can bypass access re...

CVSS 6.8, AI score 5.7, EPSS 0.0139
Exploits 1, References 2, Affected Software 1
CNNVD
added 2021/02/16 12:0 a.m. (3 views)

JSDom Security Vulnerabilities

A security vulnerability exists in JSDom that stems from incorrectly allowing local resources to be loaded, which allows local files to be manipulated by a malicious web page when script execution is enabled...

CVSS 6.8, AI score 6.5, EPSS 0.0139
Exploits 1, References 3
NCSC
added 2021/02/10 12:0 a.m. (2 views)

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting (XSS) attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...

AI score 6.8
Exploits 0
Tenable Nessus
added 2021/02/01 12:0 a.m. (241 views)

CentOS 8 : libreoffice (CESA-2020:1598)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1598 advisory.
- libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849)
- libreoffice: Insufficient URL validation allowing...

CVSS 9.8, AI score 7.7, EPSS 0.78007
Exploits 5, References 7
UbuntuCve
added 2021/01/28 7:15 p.m. (27 views)

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVSS 7.2, AI score 7.2, EPSS 0.01572
Exploits 0, References 2
NCSC
added 2021/01/22 12:0 a.m. (4 views)

Vulnerabilities fixed in MISP

Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...

CVSS 9.1, AI score 6.3, EPSS 0.01312
Exploits 0