1697 matches found
smarty_function_mailto - JavaScript injection in eval function
I found a bug in the Smarty package, specifically in the smarty_function_mailto($params) function. Remote exploitation of such a vulnerability is unlikely, but it is still advisable to take it into account. A web page that uses this function and that could be parameterized using GET or POST input...
TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...
TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-008...
TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-007...
GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer
Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.7). Problem: Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanis...
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Description. Impact: In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to ...
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Impact: In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Description. Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Impact: Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
Cross-site Scripting in Semantic MediaWiki
More info at https://nvd.nist.gov/vuln/detail/CVE-2022-48614...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
More info at https://www.drupal.org/sa-core-2022-012...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
More info at https://www.drupal.org/sa-core-2022-014...
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
More info at https://www.drupal.org/sa-core-2022-013...
CVE-2022-25238: Stored XSS via HTML fields
More info at https://www.silverstripe.org/download/security-releases/cve-2022-25238...
CVE-2022-28803: Stored XSS in link tags added via XHR
More info at https://www.silverstripe.org/download/security-releases/cve-2022-28803...
CVE-2022-24444: Hybridsessions does not expire session id on logout
More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...
CVE-2021-41559: Quadratic blowup in Convert::xml2array()
More info at https://www.silverstripe.org/download/security-releases/cve-2021-41559...
CVE-2022-29858: Unpublished, protected files can be published via shortcode
More info at https://www.silverstripe.org/download/security-releases/cve-2022-29858...
Server-Side Request Forgery in dompdf/dompdf
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0...
Change in port should be considered a change in origin
Impact: Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before continuing. Previously, we...
CURLOPT_HTTPAUTH option not cleared on change of origin
Impact: Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...
TYPO3-EXT-SA-2022-014: SQL Injection in extension "LUX - TYPO3 Marketing Automation" (lux)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-014...
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-003...
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-002...
TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...
Cross-Site Scripting
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-012...
Cross-Site Scripting
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-011...
Fix failure to strip Authorization header on HTTP downgrade
Impact: Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...
Failure to strip the Cookie header on change in host or HTTP downgrade
Impact: Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward...
Cross-domain cookie leakage
Impact: Previous versions of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...
CVE-2022-29254 - Failed payment recorded has completed
More info at https://www.silverstripe.org/download/security-releases/cve-2022-29254...
PHP Code Injection by malicious block or filename
Impact: Template authors could inject PHP code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors should update asap. Patches: Please upgrade to the most recent version of Smarty v3 or v4. Workarounds: Is there a way for users to fix or remediate t...
Cross site scripting via canonical URL
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...