Fedora: Security Advisory (FEDORA-2023-64b2965699)
The remote host is missing an update for the...
Gitlab -- Vulnerabilities
Gitlab reports: Disclosure of CI/CD variables using Custom project templates; GitLab omnibus DoS crash via OOM with CI Catalogs; Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service; DoS - Blocking FIFO files in Tar archives; Titles exposed by service-desk template...
[SECURITY] Fedora 37 Update: curl-7.85.0-12.fc37
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
The vulnerability of the “//line” directive in the Go programming language allows a violator to execute arbitrary code.
The vulnerability of the “//line” directive in the Go programming language is related to errors in data processing during syntax analysis of code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Cross-site Scripting via missing Binding syntax validation
Impact: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP contex...
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Impact: When logging in via the OAuth method, the identityOAuth parameters sent in a GET request are vulnerable to XSS and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The...
PT-2024-24346 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.18 XWiki Platform versions 15.5.4 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The HTML escaping tool used in XWiki does not escape , which can allow XWiki syntax injection an...
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross site scripting (XSS) and XWiki syntax...
Cross site scripting
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross site scripting (XSS) and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross site scripting (XSS) and XWiki syntax...
CVE-2023-45144
The CVE concerns com.xwiki.identity-oauth:identity-oauth-ui used for OAuth-based identity providers. When logging in via OAuth, the identityOAuth GET parameter is vulnerable to XSS and XWiki syntax injection, enabling remote code execution via the groovy macro and impacting confidentiality, integ...
CVE-2023-45683 Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml
github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the...
Cross-site Scripting (XSS)
froxlor/froxlor is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the markdown syntax in the customnotes field is improperly sanitized, which allows an attacker to inject and execute HTML scripts...
OAuth Identity XWiki App Cross-Site Scripting Vulnerability
OAuth Identity XWiki App is an open source XWiki SAS library of essential elements for building identities and service providers based on OAuth authorization. A cross-site scripting vulnerability exists in OAuth Identity XWiki App, which stems from the identityOAuth parameter sent in a GET reques...
CVE-2023-45106
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions...
CVE-2023-45106 WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions...
CVE-2023-45106
The CVE-2023-45106 CSRF vulnerability affects the Urvanov Syntax Highlighter WordPress plugin (versions