Skip to content

トピトピニュース

Header Image
Category

MODERATE

505 Posts

Featured

Posted byGitHub
[org.keycloak:keycloak-core] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Posted byGitHub
[baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
Posted byGitHub
[org.postgresql:postgresql] TemporaryFolder on unix-like systems does not limit access to created files
Posted byGitHub
[com.h2database:h2] Password exposure in H2 Database

[org.apache.struts:struts2-core] Cross-site Scripting in Apache Struts

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/04/2022

When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the ‘Problem Report’ screen. Also if JSP files are exposed to be accessed directly it’s possible to execute an arbitrary script.
It is generally …

[org.apache.struts:struts2-core] Cross-site Scripting in Apache Struts

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/04/2022

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte cha…

[opencc] Open Chinese Convert subject to Denial of Service via Out-of-bounds Read

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202210/01/2022

Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.
References

https:…

[league/commonmark] PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202209/13/2022

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writ…

[com.sonyericsson.hudson.plugins.rebuild:rebuild] Cross-site Scripting in Jenkins Rebuilder Plugin

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/04/2022

A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in
RebuildAction/BooleanParameterValue.jelly,
RebuildAction/ExtendedChoiceParameterValue.jelly,
RebuildAction/FileParameterValue.jelly,
RebuildAction/LabelP…

[org.apache.tomee:tomee-webapp] Apache TomEE console vulnerable to Cross-site Scripting

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/08/2022

The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles d…

[jquery] jQuery vulnerable to Cross-Site Scripting (XSS)

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202209/12/2022

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
References

https://nvd.nist.gov/vuln/detail/CVE-2011-4969
h…

[org.jenkins-ci.main:jenkins-core] Cross-site Scripting in Jenkins Core

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/02/2022

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaSc…

[org.biouno:uno-choice] Cross-site Scripting in Jenkins Active Choices plugin

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/04/2022

Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the ‘Build With Parameters’ page through the ‘Active Choices Reactive Reference Parameter’ type. This could inc…

[com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent] Cross-site Scripting in wicket-jquery-ui

  • Posted inMODERATE
  • Posted byGitHub
  • 05/14/202211/04/2022

In wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
References

https://nvd.nist.gov/vuln/detail/CVE-2018-1325
https://markmail.org/message/6bxjyaolehhq7jrl
https://github.com…

Posts navigation

Previous Posts 1 … 41 42 43 44 45 … 51 Next Posts
トピトピニュース
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close