GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection

GHSA-8596-2jgr-ppj7: Amazon Redshift JDBC Driver vulnerable to SQL Injection

GHSA-xx95-62h6-h7v3: lgsl Stored Cross-Site Scripting vulnerability

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.

**Yamcs Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Oct 20, 2023 to the GitHub Advisory Database • Updated Oct 20, 2023

Headline

GHSA-4cqv-q33x-wfxw: Yamcs Cross-site Scripting vulnerability

Related news

ghsa: Latest News