
16 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in mbedtls

In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...

CVSS 5.3 · AI score 6.4 · EPSS 0.00671
Exploits: 0 · References: 1

OSV
added 2025/11/28 6:32 a.m. · 2 views

GHSA-X832-FPVJ-R5PH Mustangproject allows exfiltrating files via XXE attacks

Mustang before 2.16.3 allows exfiltrating files via XXE attacks...

CVSS 2.8 · AI score 5.8 · EPSS 0.00011
Exploits: 0 · References: 6

NVD
added 2025/11/28 4:16 a.m. · 1 views

CVE-2025-66372

Mustang before 2.16.3 allows exfiltrating files via XXE attacks...

CVSS 2.8 · EPSS 0.00011
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 10:49 a.m. · 15 views

CVE-2024-25129

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVSS 5.5 · AI score 6.6 · EPSS 0.00117
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:16 a.m. · 4 views

CVE-2024-32457

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The CSSIgniter Team Elements Plus! allows Stored XSS. This issue affects Elements Plus!: from n/a through 2.16.3...

CVSS 6.5 · AI score 5.2 · EPSS 0.00248
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:32 a.m. · 4 views

CVE-2024-50348

InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3...

CVSS 5.4 · AI score 5.9 · EPSS 0.00591
Exploits: 1 · References: 1

Cvelist
added 2024/10/29 10:25 p.m. · 14 views

CVE-2024-50348 InstantCMS has a Cross Site Scripting Vulnerability

InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3...

CVSS 5.4 · EPSS 0.00591
Exploits: 1 · References: 2

CNNVD
added 2024/10/29 12:0 a.m. · 2 views

InstantCMS cross-site scripting vulnerability

InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...

CVSS 5.4 · AI score 6.3 · EPSS 0.00591
Exploits: 1 · References: 2

Patchstack
added 2024/10/07 12:0 a.m. · 17 views

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)

Software: Shortcodes and extra features for Phlox theme; Type: Plugin; Vulnerable versions: <= 2.16.3; Fixed in: 2.16.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8486; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: b44af62239ce...

CVSS 6.4 · AI score 5.9 · EPSS 0.00256
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/10/05 12:0 a.m. · 2 views

PT-2024-39052 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.16.3. Description: The issue is related to Stored Cross-Site Scripting via the url parameter in the Modern Heading and Icon Picker widgets. Thi...

CVSS 6.4 · AI score 6.3 · EPSS 0.00256
Exploits: 0 · References: 11

CNNVD
added 2024/04/17 12:0 a.m. · 2 views

WordPress Plugin Elements Plus! cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... A cross-site...

CVSS 6.5 · AI score 6 · EPSS 0.00248
Exploits: 0 · References: 2

Patchstack
added 2024/04/15 11:34 a.m. · 3 views

WordPress Elements Plus! plugin <= 2.16.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Elements Plus! (versions <= 2.16.3)...

CVSS 6.5 · AI score 6.1 · EPSS 0.00248
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/04/15 12:0 a.m. · 13 views

WordPress Elements Plus! Plugin <= 2.16.3 is vulnerable to Cross Site Scripting (XSS)

Software: Elements Plus!; Type: Plugin; Vulnerable versions: <= 2.16.3; Fixed in: 2.16.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32457; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 693915246ad8; Credits: Khalid Yusuf; Required privilege...

CVSS 6.5 · AI score 6.9 · EPSS 0.00248
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/02/22 6:23 p.m. · 22 views

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVSS 2.7 · AI score 4 · EPSS 0.00117
Exploits: 0 · References: 3

OSV
added 2024/02/22 6:23 p.m. · 6 views

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVSS 2.7 · AI score 4.4 · EPSS 0.00117
Exploits: 0 · References: 5

NVD
added 2019/09/26 1:15 p.m. · 18 views

CVE-2019-16910

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...

CVSS 5.3 · AI score 5.5 · EPSS 0.00671
Exploits: 0 · References: 7