CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

@@ -156,7 +156,7 @@

<button type\="button" class\="close" data-dismiss\="alert" aria-label\="Close"\>

<span aria-hidden\="true"\>×</span\>

</button\>

<div id\="renewoutput" class\="pull-left"\>

<div id\="renewoutput" class\="pull-left" style\="white-space: pre-wrap"\>

</div\>

</div\>

  

@@ -326,7 +326,7 @@ function set\_content(elementid, image) {

  

function js\_callbackrenew(data) {

$('#renewoutputbox').removeClass("hidden");

$('#renewoutput').html(data.replace(/(?:\\r\\n|\\r|\\n)/g, '<br />'));

$('#renewoutput').text(data);

}

  

function js\_callback(req\_content) {

Headline

CVE-2020-21219: Prevent ACME output from being interpreted as HTML. Fixes #9888 · pfsense/FreeBSD-ports@a6f443c

CVE: Latest News