1702 matches found
XSS vulnerability on password reset page
Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...
CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
More info at https://www.silverstripe.org/download/security-releases/CVE-2023-48714...
Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009
More info at https://www.drupal.org/sa-core-2020-009...
RCE vulnerability in "cookie" session driver
More info at https://blog.laravel.com/laravel-cookie-security-releases...
Moderately critical - Cross Site Scripting - SA-CORE-2019-004
More info at https://www.drupal.org/SA-CORE-2019-004...
Possible cross-site scripting (XSS) vulnerability in the Blade templating engine
A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...
CVE-2019-10910: Check service IDs are valid
More info at https://symfony.com/cve-2019-10910...
CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
More info at https://symfony.com/cve-2026-45067...
TYPO3-EXT-SA-2024-006: Multiple vulnerabilities in "powermail" (powermail)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-006...
CVE-2022-24895: Possible CSRF token fixation
More info at https://symfony.com/cve-2022-24895...
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-018...
TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-013...
TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-008...
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-002...
Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...
Fix failure to strip Authorization header on HTTP downgrade
Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...
XSS within joomla/filter class
More info at https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html...
CVE-2022-23601: CSRF token missing in forms
More info at https://symfony.com/cve-2022-23601...
Form validation can be skipped in neos/form
Impact By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...
TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-005...
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-011...
Unescaped message used in HTML on Special:Contributions
More info at https://phabricator.wikimedia.org/T255918...
CVE-2020-6165: Limited queries break CanViewPermissionChecker
More info at https://www.silverstripe.org/download/security-releases/cve-2020-6165...
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-003...
CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy
More info at https://symfony.com/cve-2020-5275...
CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to
More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...
CVE-2019-5715: Reflected SQL Injection through Form and DataObject
More info at https://www.silverstripe.org/download/security-releases/ss-2018-021...
CVE-2018-11385: Session Fixation Issue for Guard Authentication
More info at https://symfony.com/cve-2018-11385...
Trusted-Directory Bypass via Path Traversal
Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...
Trusted-Directory Bypass via Path Traversal
if you enable secrity .$trusteddir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they...
Information disclosure of source code
More info at https://simplesamlphp.org/security/202004-01...
Possibility of manipulated condition when unfiltered input is passed to `yii\elasticsearch\ActiveRecord::findOne()` and `::findAll()`
More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...
External link injection on 404 pages when linking to the current page.
More info at https://www.drupal.org/SA-CORE-2018-001...
Open redirection protection bypass
More info at https://simplesamlphp.org/security/201801-02...
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS
More info at https://symfony.com/cve-2017-16653...
Signature validation bypass (SAML 1.1)
More info at https://simplesamlphp.org/security/201710-01...
REST API can bypass comment approval.
More info at https://www.drupal.org/SA-CORE-2017-004...
Object injection
SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Added Tagalog translation, thanks to @StoneArtz Added Malagache translation, thanks to @Hackinet Updated Serbian translation, fixed incorrect language code, thanks to @mmilanovic4 Updated...
Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2016-02...
Views can allow unauthorized users to see Statistics information
More info at https://www.drupal.org/SA-CORE-2016-002...
CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password
More info at https://symfony.com/cve-2016-2403...
CVE-2016-4423: Large username storage in session
More info at https://symfony.com/cve-2016-4423...
Information leakage issue in the sanitycheck module
More info at https://simplesamlphp.org/security/201603-01...
Open redirect via path manipulation
More info at https://www.drupal.org/SA-CORE-2016-001...
Invalid CSRF validation of null or incorrectly formatted token identifiers
More info at https://framework.zend.com/security/advisory/ZF2015-03...
SQL injection vector when manually quoting values for sqlsrv extension, using null byte
More info at https://framework.zend.com/security/advisory/ZF2014-06...
Direct access of ESI URLs behind a trusted proxy
More info at https://symfony.com/cve-2014-5245...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...