CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
Design/Logic Flaw
Codoforum 4.8.8 allows self-XSS via the title of a new topic...
CVE-2020-9007
CVE-2020-9007 affects Codoforum 4.8.8. The issue is a self-XSS vulnerability in the title of a new topic, stemming from insufficient validation of client-side data by the web application (CNVD/CVEs describe it as a cross-site scripting flaw). Practical impact is client-side code execution within ...
PT-2020-20431 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0. Description: The issue allows for XSS attacks through the joinfiles, topic, or code parameter, or the HTTP Referer header. Recommendations: For Dolibarr version 11.0, consider restricting access to the vulnerable...
CVE-2020-7050
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...
Huawei EulerOS: Security Advisory for irssi (EulerOS-SA-2019-2161)
The remote host is missing an update for the Huawei EulerOS...
WordPress bbPress Login Register Links On Forum Topic Pages plugin <= 2.7.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability
CSRF to Stored XSS vulnerability found in WordPress bbPress Login Register Links On Forum Topic Pages plugin versions <= 2.7.5. Solution: Update the WordPress bbPress Login Register Links On Forum Topic Pages plugin to the latest available version (at least 2.8.5)...
Empire CMS Add Topic SQL injection vulnerability
Empire CMS is a content management system (CMS). A SQL injection vulnerability exists in Empire CMS at Add Topic. An attacker can exploit the vulnerability to obtain sensitive database information...
Fedora 29 : mosquitto (2019-d99e2329cb)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquitto_max_inflight_messages_set and mosquitto_int_option(..., MOSQ_OPT_*_MAX,...
Fedora 31 : mosquitto (2019-4c69fb4cd7)
1.6.7 ===== Broker : - Add workaround for working with libwebsockets 3.2.0. - Fix potential crash when reloading config. Client library : - Don't use / in autogenerated client ids, to avoid confusing with topics. - Fix mosquitto_max_inflight_messages_set and mosquitto_int_option(..., MOSQ_OPT_*_MAX,...
CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
DEBIAN-CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
ALPINE-CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
Stack overflow
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...
CVE-2019-15137
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...
ZZCMS website builder system topic module ztb parameter SQL injection vulnerability
ZZCMS, with its product investment type template, can be used to quickly build a product investment website. A SQL injection vulnerability exists in the ztb parameter of the topic module of the ZZCMS website builder system; attackers can use the vulnerability to obtain database information...
TIBCO Security Advisory: June 11, 2019 - Apache Kafka
Apache Kafka Vulnerable To Persistent Remote Denial Of Service Via Topic Names. Original release date: June 11, 2019. Last revised: ---. Source: TIBCO Software Inc...