
トピトピニュース

Category: MODERATE (505 posts)


[org.keycloak:keycloak-core] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/30/2022, updated 11/30/2022

Summary
A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (16.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the adm…

[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/29/2022, updated 11/29/2022

There is a cross-site scripting vulnerability in the management system of baserCMS.
It needs to be addressed when the management system is used by an unspecified number of users.
If you are affected, please update to the new v…

[org.postgresql:postgresql] TemporaryFolder on unix-like systems does not limit access to created files

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/24/2022, updated 11/29/2022

Vulnerability
PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 51k.
Example of vulnerable code:
String s = new String("some very large string great…
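The snippet above is cut off, so the following added example (mine, not code from the advisory or the pgjdbc project; class and method names are hypothetical) shows the mechanism behind the advisory on a unix-like system: a temp file created with File.createTempFile gets mode 0666 masked by the process umask, so with the common umask 022 any local user can read what the driver spilled into it, while Files.createTempFile creates the file 0600 regardless of umask. It also shows the workaround of pointing java.io.tmpdir at a private directory. It is POSIX-only; Files.getPosixFilePermissions throws UnsupportedOperationException on Windows.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example (not pgjdbc code): compares the two JDK temp-file APIs on a
// unix-like system and shows the java.io.tmpdir workaround. POSIX only.
public class TempFilePermissionsDemo {

    // Legacy pattern: File.createTempFile opens the file with mode 0666
    // masked by the process umask, so with umask 022 the result is 0644 and
    // every local user can read whatever the stream spills into it.
    static Set<PosixFilePermission> legacyTempFile() throws IOException {
        File f = File.createTempFile("demo-legacy-", ".tmp");
        f.deleteOnExit();
        return Files.getPosixFilePermissions(f.toPath());
    }

    // Hardened pattern: Files.createTempFile creates the file 0600 on POSIX
    // regardless of umask, so only the owning user can read it.
    static Set<PosixFilePermission> hardenedTempFile() throws IOException {
        Path p = Files.createTempFile("demo-hardened-", ".tmp");
        p.toFile().deleteOnExit();
        return Files.getPosixFilePermissions(p);
    }

    // Workaround when the library itself cannot be changed: give the JVM a
    // private temp directory (Files.createTempDirectory uses 0700 on POSIX).
    // Both JDK temp-file APIs read java.io.tmpdir once, on first use, so in
    // practice pass -Djava.io.tmpdir=/path/to/private/dir on the JVM command
    // line rather than setting the property at runtime; this method only
    // shows what such a directory looks like.
    static Path privateTmpDir() throws IOException {
        Path dir = Files.createTempDirectory("app-private-tmp-");
        dir.toFile().deleteOnExit();
        return dir;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("File.createTempFile  : "
                + PosixFilePermissions.toString(legacyTempFile()));
        System.out.println("Files.createTempFile : "
                + PosixFilePermissions.toString(hardenedTempFile()));
        Path dir = privateTmpDir();
        System.out.println("private tmpdir " + dir + " : "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(dir)));
    }
}
```

Run it with `javac TempFilePermissionsDemo.java && java TempFilePermissionsDemo` under a normal umask and compare the two permission strings; the same difference applies to any library that buffers caller data through File.createTempFile in a shared /tmp.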

[com.h2database:h2] Password exposure in H2 Database

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/24/2022, updated 11/24/2022

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an at…

[moodle/moodle] Cross-Site Request Forgery in Moodle

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/24/2022, updated 11/27/2022

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user’s CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A re…

[github.com/mattermost/mattermost-server] Denial of service in Mattermost

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/23/2022, updated 11/27/2022

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4045
…

[github.com/mattermost/mattermost-server] Denial of service in Mattermost

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/23/2022, updated 11/27/2022

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4044
https://hackerone.com/reports/1680241
https://matterm…

[backdrop/backdrop] Cross-site Scripting in Backdrop CMS

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/23/2022, updated 11/27/2022

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-42095
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://g…

[backdrop/backdrop] Cross-site Scripting in Backdrop CMS

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/23/2022, updated 11/24/2022

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-42094
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https:/…

[backdrop/backdrop] Cross-site Scripting in Backdrop CMS

  • Posted in MODERATE
  • Posted by GitHub
  • Posted 11/23/2022, updated 11/23/2022

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ‘Comments’.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-42097
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://github….
