EUVD-2023-56447

Malicious code in bioql PyPI...

CVE-2023-50159

In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

CVE-2023-51748

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Axigen Cross-Site Scripting Vulnerability

Axigen is a mail server with groupware and collaboration features from Axigen. A cross-site scripting vulnerability exists in Axigen WebMail version v.10.5.7 and earlier. A remote attacker can exploit this vulnerability to escalate privileges via specially crafted scripts...

Tenable Nessus Arbitrary File Write Vulnerability (TNS-2023-39)

Tenable Nessus is prone to an arbitrary file write vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"...

Pimcore vulnerable to cross site scripting

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify...

GHSA-WQR6-57QM-HHR5 Pimcore vulnerable to cross site scripting

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify...

GitLab <= 10.5.7, 10.6.x - 10.6.4, 10.7.x - 10.7.1 XSS Vulnerability

GitLab is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

Cross site scripting

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting specifically, data-milestone-id in the milestone dropdown feature. This is fixed in 10.6.3, 10.5.7, and 10.4.7...