Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-vm74-j4wq-82xj: Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.

ghsa
Open in Source
#vulnerability#git
GHSA-9f88-wg5r-947j: Apache Superset vulnerable to Cross-site Scripting

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

GHSA-79x5-cv79-49rj: Apache Superset is vulnerable to Cross-Site Scripting (XSS)

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

GHSA-7222-r37x-8q3m: Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

GHSA-85gf-wr67-f83w: curupira is vulnerable to SQL injection

A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.

GHSA-fcg4-pm6h-9xx2: Apache Superset Open Redirect vulnerability

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

GHSA-cp68-42pf-6627: Froxlor vulnerable to Command Injection

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.

GHSA-xp3g-2729-rxm3: Froxlor is vulnerable to path traversal

Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.

GHSA-w475-749h-c77m: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

GHSA-4p88-cfhq-f3vg: phpMyFAQ has Weak Password Requirements

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.