1702 matches found
Existing sessions are not correctly invalidated when a user changes their password
More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...
Contextual Links validation - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
XSS vulnerability on password reset page
Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...
XSS vulnerability on contacts view
Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...
XSS vulnerability on asset view
Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...
RCE vulnerability in "cookie" session driver
More info at https://blog.laravel.com/laravel-cookie-security-releases...
Use token when logging out
More info at https://phabricator.wikimedia.org/T25227...
Stored XSS vulnerability on Bounce Management Callback
Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...
Exploit of encryption failure vulnerability
More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...
Cookie serialization vulnerability
More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...
Secret data exfiltration via symfony parameters
Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...
Moderately critical - Third-party libraries - SA-CORE-2019-007
More info at https://www.drupal.org/SA-CORE-2019-007...
Moderately critical - Cross Site Scripting
More info at https://www.drupal.org/sa-core-2018-003...
Critical - Third Party Libraries
More info at https://www.drupal.org/sa-core-2019-001...
Moderately critical - Third-party libraries - SA-CORE-2019-007
More info at https://www.drupal.org/SA-CORE-2019-007...
Critical - Arbitrary PHP code execution
More info at https://www.drupal.org/sa-core-2019-002...
Highly critical - Remote Code Execution
More info at https://www.drupal.org/SA-CORE-2019-003...
Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004
More info at https://www.drupal.org/sa-core-2020-004...
SQL Server LIMIT / OFFSET SQL Injection
Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...
Guard bypass in Eloquent models
More info at https://blog.laravel.com/security-release-laravel-61834-7232...
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
More info at https://www.drupal.org/sa-core-2020-008...
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
More info at https://www.drupal.org/sa-core-2020-011...
Drupal core - Critical - Remote code execution - SA-CORE-2020-012
More info at https://www.drupal.org/sa-core-2020-012...
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010
More info at https://www.drupal.org/sa-core-2020-010...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
More info at https://www.drupal.org/sa-core-2021-002...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
More info at https://www.drupal.org/sa-core-2021-002...
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007
More info at https://www.drupal.org/sa-core-2020-007...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005
More info at https://www.drupal.org/sa-core-2020-005...
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
More info at https://www.drupal.org/sa-core-2020-008...
Drupal core - Less critical - Access bypass - SA-CORE-2020-006
More info at https://www.drupal.org/sa-core-2020-006...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
More info at https://www.drupal.org/sa-core-2021-003...
Cookie serialization vulnerability
More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...
RCE vulnerability in "cookie" session driver
More info at https://blog.laravel.com/laravel-cookie-security-releases...
Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
More info at https://www.drupal.org/sa-core-2021-003...
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
More info at https://www.drupal.org/sa-core-2020-011...
Drupal core - Critical - Remote code execution - SA-CORE-2020-012
More info at https://www.drupal.org/sa-core-2020-012...
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
Contextual Links validation - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
Class-Name Injection
Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...
CVE-2019-10911: Add a separator in the remember me cookie hash
More info at https://symfony.com/cve-2019-10911...
CVE-2018-14773: Remove support for legacy and risky HTTP headers
More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...
CVE-2019-10910: Check service IDs are valid
More info at https://symfony.com/cve-2019-10910...
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
More info at https://symfony.com/cve-2019-18888...
CVE-2019-18887: Use constant time comparison in UriSigner
More info at https://symfony.com/cve-2019-18887...
CVE-2019-10913: Reject invalid HTTP method overrides
More info at https://symfony.com/cve-2019-10913...