19 matches found
CVE-2025-25197
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
OPENSUSE-SU-2023:0047-1 Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 5.2.1 This is a security and bufix release. Security: - Fix PMASA-2023-01, CWE-661, boo1208186, CVE-2023-25727 Fix an XSS attack through the drag-and-drop upload feature. Bugfixes: - issue 17522 Fix case where the...
MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability
Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...
OPENSUSE-SU-2022:10075-1 Security update for python-jupyterlab
This update for python-jupyterlab fixes the following issues: Update to 2.2.10: Remove form tags' action attribute during sanitizing, to prevent an XSS CVE-2021-32797 boo1196663 Header ‘Content-Type’ should not be overwritten Do not use token parameters in websocket urls Properly handle errors in...
OPENSUSE-SU-2022:0803-1 Security update for python-lxml
This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL bsc1118088. - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped bsc1184177. - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data...
OPENSUSE-SU-2021:0552-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...
OPENSUSE-SU-2020:1966-1 Security update for moinmoin-wiki
This update for moinmoin-wiki fixes the following issues: - update to version 1.9.11: CVE-2020-25074 boo1178744: fix remote code execution via cache action CVE-2020-15275 boo1178745: fix malicious SVG attachment causing stored XSS vulnerability...
OPENSUSE-SU-2020:1604-1 Security update for zabbix
This update for zabbix fixes the following issues: Updated to version 3.0.31. + CVE-2020-15803: Fixed an XSS in the URL Widget boo1174253...
MGASA-2020-0221 Updated viewvc packages fix security vulnerability
Updated viewvc package fixes security vulnerability: ViewVC before versions 1.1.28 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted...
SUSE-SU-2020:1301-1 Security update for mailman
This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug bsc1171363. - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion bsc1170558. Non-security issue fixed: - Fixed rights and ownership on...
OPENSUSE-SU-2020:0405-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.9.5 fixes the following issues: - phpmyadmin was updated to 4.9.5: - CVE-2020-10804: Fixed an SQL injection in the user accounts page, particularly when changing a password boo1167335 PMASA-2020-2. - CVE-2020-10802: Fixed an SQL injection in the search...
Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS
----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...
OPENSUSE-SU-2019:1839-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issues fixed: - CVE-2019-11358: Fixed prototype pollution. - CVE-2019-12308: Fixed XSS in AdminURLFieldWidget bsc1136468 - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS bsc1139945. -...
SUSE-SU-2018:1102-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. bsc1083304 - CVE-2017-12794:...
SUSE-SU-2018:0973-1 Security update for python-Django
This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. bsc1083304 - CVE-2017-12794:...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Fedora 18 : ReviewBoard-1.7.11-1.fc18 (2013-11646)
New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboa rd/1.7.11/ - Bug Fixes : - Fixed compatibility with Python 2.5 - Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer - New upstream release 1.7.10 -...
[openwebmail] Fw: Re: XSS bug.
Hello all, Its a forward message from openwebmail bugtraq system with the problem and the solution ;- ---------- Forwarded Message ----------- From: "openwebmail" [email protected] To: "aramosf" [email protected] Sent: Thu, 3 Jun 2004 20:30:07 +0800 Subject: Re: XSS bug. On Wed, 2...