Search for outlook iniciare sesión - Security Headlines - AI Powered Cyber Security News Aggregator

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

3 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #ios #android #mac #windows #google #microsoft #nodejs #js #git #java

CVE-2021-26272: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

4 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #ios #android #mac #windows #google #microsoft #nodejs #js #git #java

CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

3 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #ios #android #mac #windows #google #microsoft #nodejs #js #git #java #php #perl #pdf #amd #auth #ibm #chrome #webkit #firefox #sap #ssl

CVE-2019-19650: Release Notes - New features

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function.

CVE-2022-24127: REDCap Change Log - Eastern Virginia Medical School (EVMS), Norfolk, Hampton Roads

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

3 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #google #microsoft #amazon #linux #nodejs #js #git #java #php #rce #perl #ldap #pdf #aws #acer #oauth #auth #ruby #chrome #firefox #sap #ssl

CVE-2020-27733: List of bug fixes and feature enhancements

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

CVE-2020-28648: Nagios XI Change Log - Nagios

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVE-2022-38254: Nagios XI Change Log - Nagios

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.