4 matches found

Github Security Blog
added 2024/06/07 5:10 p.m., 10 views

TYPO3 Cross-Site Scripting in Filelist Module

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the...

AI score: 6.5
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2024/02/05 8:22 p.m., 17 views

GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename

Summary: Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). Details: In the code snippet that renders the file attachments from user tables: id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...

CVSS: 6.5, AI score: 6.4, EPSS: 0.03118
Exploits: 1, References: 6
Tenable Nessus
added 2015/07/29 12:0 a.m., 26 views

Fedora 22 : roundcubemail-1.1.2-1.fc22 (2015-11405)

Release 1.1.2 - Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) - Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] - Fix handling of %-encoded entities in mailto: URLs (#1490346) - Fix zipped messages downloads...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01804
Exploits: 0, References: 5
Exploit DB
added 2010/02/14 12:0 a.m., 43 views

Calendarix 0.8.20071118 - SQL Injection

Informatique inside Calendarix : SQL injection Version : 0.8.20071118 and below Author : Thibow Contact : Thibow4tlinformatique-insidedotcom Location : France Website : http://www.informatique-inside.com Dork : "inurl:calday.php?op=day&catview=" Solution : Update: http://www.calendarix.com/ . :...

AI score: 7.4
Exploits: 0