Lucene search

10 matches found

Cvelist
added 2025/05/14 2:40 p.m. | 15 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS: 6.3 | EPSS: 0.00166
Exploits: 0 | References: 1

CVE
added 2025/05/14 2:40 p.m. | 39 views

CVE-2024-56157

Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack. Affected software: iTop (web-based IT Service Management tool; Combodo). Root cause / vector: CSV import accepts unvalidated/m...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00166
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m. | 2 views

WordPress Easy FAQs plugin <= 3.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Easy FAQs versions <= 3.2.1...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00335
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/04/10 1:25 p.m. | 3 views

WordPress Save as PDF by Pdfcrowd plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by younsoung kim, SeoHyeon Lee, MyungJu Kim, SeoHee Kang in WordPress Plugin Save as PDF versions <= 3.2.1...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00124
Exploits: 0 | Affected Software: 1

OSV
added 2023/10/03 2:15 a.m. | 2 views

CVE-2023-5334

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spresponsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00157
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:25 a.m. | 3 views

SUSE CVE-2014-8595

arch/x86/x86emulate/x86emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction...

CVSS: 1.9 | AI score: 6.6 | EPSS: 0.00071
Exploits: 0 | References: 11

IBM Security Bulletins
added 2022/04/22 8:4 p.m. | 41 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22946)

Summary Security Vulnerabilities affect IBM Cloud Private - curl Vulnerability Details CVEID: CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a required TLS bypassed issue. By sniffing the network, an attacker could exploit this...

CVSS: 7.5 | AI score: 0.6 | EPSS: 0.00063
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/04/22 2:45 p.m. | 33 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Golang (CVE-2021-33197)

Summary Security Vulnerabilities affect IBM Cloud Private - Golang Vulnerability Details CVEID: CVE-2021-33197 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, a...

CVSS: 5.3 | AI score: 0.4 | EPSS: 0.00039
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2021/09/02 8:19 p.m. | 26 views

Security Bulletin: IBM Cloud Private is vulnerable to Elastic Kibana vulnerabilities (CVE-2020-7016, CVE-2020-7017)

Summary IBM Cloud Private is vulnerable to Elastic Kibana vulnerabilities Vulnerability Details CVEID: CVE-2020-7016 DESCRIPTION: Elastic Kibana is vulnerable to a denial of service, caused by a vulnerability in Timelion. By persuading a victim to visit a specially crafted URL, a remote attacker...

CVSS: 6.7 | AI score: 0.5 | EPSS: 0.01201
Exploits: 0 | Affected Software: 1

OSV
added 2021/05/04 9:0 a.m. | 1 views

UBUNTU-CVE-2021-31542

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.04357
Exploits: 0 | References: 4