Security
Headlines
HeadlinesLatestCVEs

Tag

#js

Threat Round up for February 10 to February 17

Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 10 and Feb. 17.

TALOS
#vulnerability#web#mac#windows#microsoft#js#java#pdf
CVE-2022-43579: Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-43579)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.

CVE-2021-33983: found a integer overflow leads to stack_overflow · Issue #188 · dvidelabs/flatcc

Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.

CVE-2021-32441: CVEproject/ExponentCMS_v2.6.0_sqli.md at main · pang0lin/CVEproject

SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.

CVE-2021-32163: case sensitive in jwtauthn match prefix · Issue #1633 · mosn/mosn

Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.

CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-24369: XSS attacks may occur on the UJCMS · Issue #3 · ujcms/ujcms

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.

CVE-2023-23007: There is a sql injection vulnerability in ESPCMS P8.21120101 · Issue #I680WG · 轻舞飞沙/易思ESPCMS-P8企业建站管理系统 - Gitee.com

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.

Red Hat Security Advisory 2023-0803-01

Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory 2023-0728-01

Red Hat Security Advisory 2023-0728-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.3.