Tag
#git
# Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. # Patches Patched in AntiSamy 1.7.4 and later. See important remediation details in the reference given below. # Workarounds If you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding this in your tag definitions under the `<tagrules>` node (or deleting it entirely if...
Hundreds dead, thousands wounded—Hamas’ surprise attack on Israel shows the limits of even the most advanced and invasive surveillance dragnets as full-scale war erupts.
Plus: Sony confirms a breach of its networks, US federal agents get caught illegally using phone location data, and more.
By Owais Sultan SEO vs. PPC – Understanding the Difference and Choosing the Right Strategy for Your Business – Let’s delve… This is a post from HackRead.com Read the original post: SEO vs. PPC: Choosing the Right Strategy for Your Business
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.
An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.
** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.