3242 matches found
CVE-2021-3137
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section...
CVE-2021-3137
CVE-2021-3137 affects XWiki 12.10.2, enabling XSS via an SVG document uploaded to the comment feature. Root cause: insecure handling of SVG uploads leading to script injection. Impact: cross-site scripting in affected deployments. Mitigation: vendor fix (VendorFix) referenced by OpenVAS entries; ...
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...
Xwiki CMS 12.10.2 Cross Site Scripting
Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...
CVE-2020-26733
Cross Site Scripting (XSS) in the Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration section...
CVE-2020-26733
CVE-2020-26733: XSS in the Configuration page of SKYWORTH GN542VF (HW 2.0 / SW 2.0.0.16). The vulnerability resides in the DDNS Configuration section, allowing an authenticated attacker to inject script via that page. Documented impact is Cross Site Scripting with partial integrity impact and low...
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
OSV-2018-208 Global-buffer-overflow in bloaty::wasm::Section::Read
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9540 Crash type: Global-buffer-overflow READ 8 Crash state: bloaty::wasm::Section::Read bloaty::wasm::ParseSections bloaty::wasm::WebAssemblyObjectFile::ProcessFile...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Doppler VDP: User Access Control in Community Plan
Summary: Hello, I have found a logical issue in the Billing Subscription section. A given user is able to maintain User Access Control UAC feature in Community Plan. Steps To Reproduce: Setup two accounts let's say Alice and Bob 1. Login using Alice account and create a workspace with any name sa...
Important: Red Hat Security Advisory: ImageMagick security update
An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
A week in security (December 28 – January 3)
First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...
XXL-JOB cross-site scripting vulnerability (CNVD-2021-44699)
XXL-JOB is a distributed task scheduling platform whose core design goals are rapid development, simple learning, lightweight and easy to extend. A stored cross-site scripting vulnerability exists in XXL-JOB 2.2.0 in the "Add User" section, which can be exploited to bypass a 20-minute vulnerabili...
Heap overflow
An issue was discovered in the Binary File Descriptor (BFD) library, aka libbfd, as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c...
Ueeshop comment section has XSS vulnerability
Ueeshop is a cross-border e-commerce platform for building independent online stores. The Ueeshop comment area has an XSS vulnerability; attackers can use it to implant malicious JavaScript for operations such as stealing cookies or planting drive-by download payloads (挂马)...
CVE-2020-25495
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) OpenServer versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the parameter 'section'...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...