The vulnerability of TP-Link TL-WR940N router’s microprogramming software lies in the overflow of buffers on the stack, allowing an attacker to execute arbitrary code.

The vulnerability of TP-Link TL-WR940N router’s microprogramming software is related to buffer overflows during syntax analysis of file extension names. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

RHEL 7 : openldap (RHSA-2022:0621)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0621 advisory. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol LDAP applications and development tools. LDAP is a set of protocol...

SSRFire - An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! ; It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f customfile.txt -c cookies domain.com --- The domain for which you want to test yourserver.com --- Your server...

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

Cross site scripting

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVE-2022-23647

Prism.js Prism (command line plugin) is vulnerable to cross-site scripting due to improper escaping when output is inserted into the DOM. Affected versions: prior to 1.27.0 (1.14.0–1.26.x). The vulnerability does not affect Prism’s server-side usage or sites not using the Command Line plugin. The...

CVE-2022-23647 Cross-site Scripting in Prism

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

GitLab: Stored XSS in Notes (with CSP bypass for gitlab.com)

Summary I read the issue 345657 which handles the XSS in notes reported in Hackerone report 1398305. This issue fixes the reported XSS but leaves the HTML injection that was also mentioned. I don't know how you deal with these situations, but I thought I report this, and you can decide : The issu...

[SECURITY] Fedora 35 Update: ipython-7.26.0-3.fc35

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

Design/Logic Flaw

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

CVE-2022-23620 Path traversal in xwiki-platform-skin-skinx

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

CVE-2022-23620 Path traversal in xwiki-platform-skin-skinx

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

AlmaLinux 8 : raptor2 (ALSA-2021:1842)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1842 advisory. - raptorxmlwriterstartelementcommon in raptorxmlwriter.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML...

Open Policy Agent 安全漏洞

Open Policy Agent is an open source general-purpose policy engine that enables uniform, context-aware policy enforcement across the stack. Open Policy Agent suffers from a security vulnerability that stems from the fact that under certain conditions, pretty-printing an Abstract Syntax Tree AST...

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

Description The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on attribute. Proof of Concept txt XSS PoC : xs...

The vulnerability of the Highlight.js lighting syntax tool, related to modifications of expected data, allows attackers to compromise data integrity and cause service failures.

The vulnerability of the Highlight.js lighting syntax tool is related to modifications of assumed data. Exploiting this vulnerability can allow an attacker to compromise data integrity and also cause service failures...

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...