These days, many smartphones come with at least 128GB of storage. For some reason, A…
[dev.personnummer:personnummer] personnummer/java vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays in updating packages prior to disclosure.
The vulnerability is determined to be low…
Cyber Crisis: Financial Systems Under Attack (What Is Happening in Latin America)
At banks in Mexico, the electronic payment system SPEI (Interbank Electronic Payment …
[prestashop/contactform] Potential XSS injection In PrestaShop contactform
Impact
An attacker is able to inject JavaScript while using the contact form.
Patches
The problem is fixed in v4.3.0.
References
Cross-site Scripting (XSS) – Stored (CWE-79)
References
https://github.com/PrestaShop/contactform/security/advisories/GHSA…
[dojo] Cross-Site Scripting in dojo
Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim’s browser.
Recommendation
Upgrade to versio…
[require-node] Arbitrary Code Execution in require-node
Versions of require-node prior to 1.3.4 for 1.x and 2.0.4 for 2.x are vulnerable to Arbitrary Code Execution. The package fails to sanitize requests to the require-node endpoint, allowing attackers to execute arbitrary code in the server through the in…