Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mw37-wx8p-gp45: Craft CMS vulnerable to Cross-site Scripting via Drafts

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Version 4.2.1 contains a patch for this issue.

2 years ago

Craft CMS vulnerable to Cross-site Scripting via Drafts

Moderate severity GitHub Reviewed Published Sep 17, 2022 • Updated Sep 20, 2022

Related news

CVE-2022-46496: CVE-2022-46496 - Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.

1 year ago

#xss #csrf #vulnerability #web #ios #android #apple #ssl

CVE-2022-37251: CVE-2022-37251 - Stored XSS in Drafts in Craft CMS

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

2 years ago

#xss #vulnerability #web #ios #android #apple #git

CVE-2022-37250: CVE-2022-37250 - Stored XSS in User Addresses Title in Craft CMS

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

2 years ago

#xss #vulnerability #web #ios #android #apple #git #java

ghsa: Latest News

GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

2 hours ago

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

2 hours ago

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

19 hours ago

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

19 hours ago

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

19 hours ago