CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

CVE-2024-11368

CVE-2024-11368 affects Splash Sync (WordPress) up to version 2.0.6. The vulnerability is a reflected Cross‑Site Scripting (XSS) caused by improper escaping in add_query_arg, enabling unauthenticated attackers to inject scripts into pages that a user visits after being tricked into performing an a...

CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting

The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

WordPress plugin Captivate Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-35936 · Adobe · Captivate Sync

Name of the Vulnerable Software and Affected Versions: Captivate Sync versions through 2.0.22 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions...

PT-2024-16940 · WordPress · Splash Sync

Name of the Vulnerable Software and Affected Versions: Splash Sync plugin for WordPress versions up to, and including, 2.0.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts into page...

WordPress plugin Splash Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress Splash Sync plugin <= 2.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Splash Sync versions = 2.0.7...

SUSE CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

SUSE CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the synclinkedregs function in the bpf subsystem to preserve the subregdef flag, which could le...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the Sliding Sync feature. An attacker can leak partial room state changes to...

GHSA-56W4-5538-8V8H Synapse Matrix has a partial room state leak via Sliding Sync

Impact The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. Patches Synapse version 1.120.1 fixes the problem. Workarounds Disable Sliding Sync. References...

Synapse Matrix has a partial room state leak via Sliding Sync

Impact The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. Patches Synapse version 1.120.1 fixes the problem. Workarounds Disable Sliding Sync. References...

Improper Input Validation

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...

Synapse allows a a malformed invite to break the invitee's `/sync`

Impact Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches Synapse 1.120.1 rejects such invalid invites received ov...

GHSA-F3R3-H2MQ-HX2H Synapse allows a a malformed invite to break the invitee's `/sync`

Impact Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches Synapse 1.120.1 rejects such invalid invites received ov...

CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

DEBIAN-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

DEBIAN-CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...