Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-26874: [jan] Fix XSS vulnerability in Open Document mime viewer with differe… · horde/Mime_Viewer@02b46ce

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.

CVE
#xss#vulnerability#web#php

@@ -98,7 +98,10 @@ protected function _render()

} elseif ($file[‘name’] == ‘content.xml’) {

return array(

$this->_mimepart->getMimeId() => array(

‘data’ => str_replace(array_keys($tags), array_values($tags), $content),

‘data’ => Horde_Text_Filter::filter(

str_replace(array_keys($tags), array_values($tags), $content),

‘xss’

),

‘status’ => array(),

‘type’ => ‘text/html; charset=UTF-8’

)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907