50 matches found
CVE-2023-35930
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...
CVE-2023-35930 LookupResources may return partial results in spicedb
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...
GHSA-Q8HG-3VQV-F8V3 Fava vulnerable to Reflected Cross-site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2. The querystring parameter of Fava is vulnerable to reflected cross-site scripting, for which an attacker can modify any information that the user is able to modify. This issue is fixed in version 1.22.2...
CVE-2022-2523
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2...
PYSEC-2022-240
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2...
UBUNTU-CVE-2022-2523
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2...
CVE-2022-2523 Cross-site Scripting (XSS) - Reflected in beancount/fava
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2...
WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability
UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...
Updated mediawiki packages fix security vulnerabilities
MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS CVE-2013-6451. Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lea...