Summary
A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (16.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the adm…
[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS)
There is a cross-site scripting vulnerability on the management system of baserCMS.
This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
If you are eligible, please update to the new v…
[org.postgresql:postgresql] TemporaryFolder on unix-like systems does not limit access to created files
Vulnerability
PreparedStatement.setText(int, InputStream) and PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 51k.
Example of vulnerable code:
String s = new String("some very large string great…
[com.h2database:h2] Password exposure in H2 Database
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an at…
[moodle/moodle] Cross-Site Request Forgery in Moodle
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user’s CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A re…
[github.com/mattermost/mattermost-server] Denial of service in Mattermost
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4045
…
[github.com/mattermost/mattermost-server] Denial of service in Mattermost
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4044
https://hackerone.com/reports/1680241
https://matterm…
[backdrop/backdrop] Cross-site Scripting in Backdrop CMS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42095
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://g…
[backdrop/backdrop] Cross-site Scripting in Backdrop CMS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42094
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https:/…
[backdrop/backdrop] Cross-site Scripting in Backdrop CMS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ‘Comment’.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42097
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://github….