CVE-2021-40868: Cloudron 6.2 Cross Site Scripting (Packet Storm)
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to reflected cross-site scripting (XSS): the value supplied in the query string is reflected into the login page without adequate output encoding, so a crafted link can execute attacker-controlled script in the victim's browser within the Cloudron login origin. Because this is the page where credentials are entered, such a flaw is well placed for credential theft. A returnTo-style parameter should in any case be constrained to a same-origin relative path and HTML-encoded on output; this advisory records only the XSS, not any open-redirect behaviour.
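The following is an added example, not Cloudron's own code and not taken from the advisory: it shows the vulnerable pattern (a query parameter dropped straight into the login form markup) beside a hardened version that restricts returnTo to a same-origin relative path and HTML-escapes it on output. The function names, the form template, the base origin `https://app.invalid` and the test payloads are all constructed for illustration.

```javascript
// Added example, not Cloudron's code. Demonstrates how an unencoded
// returnTo parameter becomes reflected XSS and one way to harden it.

// Constructed attacker input: closes the value attribute and injects script.
const PAYLOAD = '"><script>alert(1)</script>';

// Vulnerable pattern: the raw query value is interpolated into the HTML.
function renderLoginVulnerable(returnTo) {
  return '<form method="post" action="/login">' +
    '<input type="hidden" name="returnTo" value="' + returnTo + '">' +
    '<button>Login</button></form>';
}

// Minimal HTML attribute/text escaper for the five characters that matter.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Constrain returnTo to a same-origin relative path. Rejects absolute URLs,
// protocol-relative "//host" values and scheme-prefixed strings, and
// normalises dot segments by parsing against a fixed (assumed) base origin.
const BASE_ORIGIN = 'https://app.invalid'; // hypothetical base for parsing

function sanitizeReturnTo(value, fallback = '/') {
  if (typeof value !== 'string' || value === '') return fallback;
  if (!/^\/(?!\/)/.test(value)) return fallback; // must start with a single "/"
  let parsed;
  try {
    parsed = new URL(value, BASE_ORIGIN);
  } catch {
    return fallback;
  }
  if (parsed.origin !== BASE_ORIGIN) return fallback;
  return parsed.pathname + parsed.search + parsed.hash;
}

// Hardened pattern: validate, then encode what is reflected.
function renderLoginHardened(returnTo) {
  const safe = sanitizeReturnTo(returnTo);
  return '<form method="post" action="/login">' +
    '<input type="hidden" name="returnTo" value="' + escapeHtml(safe) + '">' +
    '<button>Login</button></form>';
}

// Crude check used to compare the two renderers on the same payload.
function containsInjectedScript(html) {
  return /<script>/i.test(html);
}

// Stand-alone demonstration.
console.log('vulnerable injects script:',
  containsInjectedScript(renderLoginVulnerable(PAYLOAD)));
console.log('hardened injects script:',
  containsInjectedScript(renderLoginHardened(PAYLOAD)));
console.log('hardened output:', renderLoginHardened('/apps?x=1'));
```

The two-step defence matters: validation alone would still reflect a path containing quotes unencoded if the template were reused elsewhere, and encoding alone would leave the parameter usable as an open redirect to an external host.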