Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-r95w-889q-x2gx: org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions

### Impact It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. ### Patches The vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. ### Workarounds It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in this commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. ### References * JIRA ticket: https://jira.xwiki.org/browse/XWIKI-20337 * Commit: e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https...

ghsa
Open in Source
#vulnerability#git#java#perl#jira#maven
Online Bus Ticket Booking Website 1.0 SQL Injection

Online Bus Ticket Booking Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Nipah Virus Testing Management System 1.0 SQL Injection

Nipah Virus Testing Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Ubuntu Security Notice USN-7017-1

Ubuntu Security Notice 7017-1 - Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.

Ubuntu Security Notice USN-7016-1

Ubuntu Security Notice 7016-1 - Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

Membership Management System 1.1 SQL Injection

Membership Management System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

HYSCALE System 1.9 Add Administrator / Cross Site Request Forgery

HYSCALE System version 1.9 suffers from add administrator and cross site request forgery vulnerabilities.

Furniture Master 2 SQL Injection

Furniture Master version 2 suffers from a remote SQL injection vulnerability.

Food Ordering And Table Reservation System For Restaurants 1.0 Insecure Settings

Food Ordering and Table Reservation System for Restaurants version 1.0 suffers from an ignored default credential vulnerability.

Beauty Parlour And Saloon Management System 1.1 Insecure Settings

Beauty Parlour and Saloon Management System version 1.1 suffers from an ignored default credential vulnerability.