GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain, including administrator. A normal user can create an event with XSS payload inside `Titre` and `Description` parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side.

**Silverpeas Core Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Jul 9, 2024 to the GitHub Advisory Database • Updated Jul 10, 2024

Headline

GHSA-vfwh-gvf6-mff8: Silverpeas Core Cross-site Scripting vulnerability

ghsa: Latest News