Security
Headlines

Headlines Latest CVEs

Headline

GHSA-gm8c-w9cm-c445: Microweber vulnerable to HTML Injection in create tag functionality

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. A patch is available on commit f20abf30a1d9c1426c5fb757ac63998dc5b92bfc and is anticipated to be part of version 1.3.2.

2 years ago

#xss #web #git #java

Microweber vulnerable to HTML Injection in create tag functionality

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Related news

CVE-2022-3245: update · microweber/microweber@f20abf3

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

2 years ago

#xss #web #js #java

ghsa: Latest News

GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

4 hours ago

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

4 hours ago

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

21 hours ago

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

21 hours ago

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

21 hours ago