Security
Headlines
HeadlinesLatestCVEs

Tag

#docker

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Zero Science Lab
Open in Source
#sql#xss#vulnerability#web#mac#js#wordpress#php#postgres#docker
OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to be an author feature could perform a stored XSS attack against any other users visiting the posts by the author. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to create an article could perform a stored XSS attack against any other users with the ability to create an article. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

CVE-2023-46746: SSRF vulnerability for logged in users

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling webhooks, allowing authenticated users to forge a POST request. This vulnerability has been addressed in `22bd5942` and will be included in subsequent releases. There are no known workarounds for this vulnerability.

CVE-2023-49077: XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.

CVE-2023-48945: Fuzzer: Virtuoso 7.2.11 crashed by stack smashing · Issue #1172 · openlink/virtuoso-opensource

A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2023-48946: Fuzzer: Virtuoso 7.2.11 crashed at box_mpy · Issue #1178 · openlink/virtuoso-opensource

An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48947: Fuzzer: Virtuoso 7.2.11 crashed at cha_cmp · Issue #1179 · openlink/virtuoso-opensource

An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48950: Fuzzer: Virtuoso 7.2.11 crashed at box_col_len · Issue #1174 · openlink/virtuoso-opensource

An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

CVE-2023-48951: Fuzzer: Virtuoso 7.2.11 crashed at box_equal · Issue #1177 · openlink/virtuoso-opensource

An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.