GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.

**Casdoor CORS misconfiguration (GHSL-2024-035)**

High severity GitHub Reviewed Published Aug 22, 2024 to the GitHub Advisory Database • Updated Aug 22, 2024

Headline

GHSA-mchx-7j67-8mcf: Casdoor CORS misconfiguration (GHSL-2024-035)

ghsa: Latest News