Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-q4q5-c5cv-2p68: Vuetify Cross-site Scripting vulnerability

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

ghsa
Open in Source
#xss#vulnerability#git
GHSA-3jh2-wmv7-m932: LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.

GHSA-fhvv-p968-6vvj: Snipe-IT vulnerable to Improper Authentication

Snipe-IT prior to 6.0.10 is vulnerable to Improper Authentication. A user without the `View and Modify License Files` permission may access files uploaded to licenses as long as they have the `View` permission for licenses.

GHSA-cw2v-wv4g-w4p6: rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users

rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users.

GHSA-3mq5-fq9h-gj7j: XStream Denial of Service due to parser crash

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-4rv7-wj6m-6c6r: XStream Denial of Service due to parser crash

Those using XStream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-56h3-78gp-v83r: Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-3f7h-mf4q-vrm4: XStream Denial of Service due to parser crash

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-fv22-xp26-mm9w: XStream Denial of Service due to parser crash

Those using XStream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-9fwf-46g9-45rx: XStream Denial of Service via stack overflow

Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.