Impact
Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature where users with the role ORG_OWNER are able to create JavaScript code, which is invoked by the system at certain points during the login.
Actions, for example, a…
[getkirby/cms] Cross-site scripting from content entered in the tags and multiselect fields
Introduction
Cross-site scripting (XSS) is a type of vulnerability that allows the execution of arbitrary JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can, for example, trigger requests to Kirby’s API wi…
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm] .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability…
[Microsoft.AspNetCore.App.Runtime.osx-arm64] .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability…
[oauth2-server] oauth2-server through 3.1.1 vulnerable to Open Redirect
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ([a-zA-Z][a-zA-Z0-9+.-]+:) before making a redirection. Thi…
[org.jboss.xnio:xnio-all] XNIO `notifyReadClosed` method logging message to unexpected end
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-relat…
[org.zkoss.zk:zk] ZK Framework vulnerable to malicious POST
ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allow attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36537
https://tracker….
[mod-wsgi] Incorrect header handling in mod-wsgi
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Refer…
[vtk] VTK NULL pointer dereference vulnerability
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn’t check the return value of the libxml2 API ‘xmlDocGetRootElement’ and tries to dereference it. It is unsafe as the return value can be…
[exceedone/exment] exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated…