1702 matches found
TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-012...
TYPO3-EXT-SA-2022-015: Broken Access Control in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-015...
CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...
Possibility to load a template outside a configured directory when using the filesystem loader
More info at https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader...
Remote file inclusion
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...
smarty_function_mailto - JavaScript injection in eval function
I found a bug in the Smarty package, specifically in the smartyfunctionmailto$params function. Remote exploitation of such vulnerability is unlikely, but it is still advisable to take it into account. A web page that uses this function and that could be parameterized using GET or POST input...
TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...
TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...
TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-008...
TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-008...
TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-007...
TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-007...
GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 Problem Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanis...
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Description Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to ...
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Description Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.
Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
Cross-site Scripting in Semantic MediaWiki
More info at https://nvd.nist.gov/vuln/detail/CVE-2022-48614...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
More info at https://www.drupal.org/sa-core-2022-014...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
More info at https://www.drupal.org/sa-core-2022-012...
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
More info at https://www.drupal.org/sa-core-2022-013...
CVE-2022-25238: Stored XSS via HTML fields
More info at https://www.silverstripe.org/download/security-releases/cve-2022-25238...
CVE-2022-28803: Stored XSS in link tags added via XHR
More info at https://www.silverstripe.org/download/security-releases/cve-2022-28803...
CVE-2021-41559: Quadratic blowup in Convert::xml2array()
More info at https://www.silverstripe.org/download/security-releases/cve-2021-41559...
CVE-2022-29858: Unpublished, protected files can be published via shortcode
More info at https://www.silverstripe.org/download/security-releases/cve-2022-29858...
CVE-2022-24444: Hybridsessions does not expire session id on logout
More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...
Server-Side Request Forgery in dompdf/dompdf
Server-Side Request Forgery SSRF in GitHub repository dompdf/dompdf prior to 2.0.0...
CURLOPT_HTTPAUTH option not cleared on change of origin
Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...
Change in port should be considered a change in origin
Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we...
TYPO3-EXT-SA-2022-014: SQL Injection in extension "LUX - TYPO3 Marketing Automation" (lux)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-014...
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-003...
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-003...
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-002...
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-002...
TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...
TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...
Cross-Site Scripting
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-012...
Cross-Site Scripting
More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-011...
Fix failure to strip Authorization header on HTTP downgrade
Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...
Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...