A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
Ref…
[intelliants/subrion] Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
References
https://n…
[feehi/cms] FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43320
https://github.com/liufee/feehic…
[org.eclipse.californium:scandium] Failing DTLS handshakes may cause throttling to block processing of records
Impact
Failing handshakes didn't clean up the counters used for throttling. In consequence, the threshold may be reached and never released again. This results in records being permanently dropped. The issue was reported for certificate-based handshakes, but it…
[System.Data.SqlClient] .NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework’s System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.
A vulnerability exists in System.Data.SqlClient and Mi…
[github.com/openfga/openfga] OpenFGA Authorization Bypass
Overview
During our internal security assessment, it was discovered that OpenFGA versions v0.2.4 and prior are vulnerable to authorization bypass under certain conditions.
Am I Affected?
You are affected by this vulnerability if you are using openfga/o…
[lzf] Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
The compression and decompression functions used `mem::uninitialized` to create an array of uninitialized values, to later write values into it. This later leads to reads from uninitialized memory.
The flaw was corrected in commit b633bf265e41c60dfce3be7ea…
[octocat.js] Withdrawn: Octocat.js vulnerable to code injection
Withdrawn
This advisory has been withdrawn because it is a test.
Original Description
Impact
Users can include their own images for accessories via provided URLs. These URLs are not validated and can result in execution of injected code.
Patches
This v…
[Tauri] Tauri Filesystem Scope can be Partially Bypassed
Impact
Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issu…
[parse-server] Remote code execution via MongoDB BSON parser through prototype pollution
Impact
An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser.
Patches
Prevent prototype pollution in MongoDB database adapter.
Workarounds
Disable remote code execution through the MongoDB…