Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Ubuntu Security Notice USN-6369-2

Ubuntu Security Notice 6369-2 - USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
Open in Source
#vulnerability#web#ubuntu#dos#git
GHSA-7vff-rv2f-cj79: Subrion CMS Cross-site Scripting vulnerability

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

GHSA-2g8p-j2r6-vqpj: October Cross-site Scripting vulnerability

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

CVE-2023-43879: GitHub - sromanhu/RiteCMS-Stored-XSS---GlobalContent: About RiteCMS 3.0 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted

Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.

CVE-2023-43878: RiteCMS-Stored-XSS---MainMenu/README.md at main · sromanhu/RiteCMS-Stored-XSS---MainMenu

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.

CVE-2023-43884: GitHub - dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.

CVE-2023-43876: October-CMS-Reflected-XSS---Installation/README.md at main · sromanhu/October-CMS-Reflected-XSS---Installation

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write)

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

CVE-2023-43874: e107-CMS-Stored-XSS---MetaCustomTags/README.md at main · sromanhu/e107-CMS-Stored-XSS---MetaCustomTags

Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.

CVE-2023-43873: e107-CMS-Stored-XSS---Manage/README.md at main · sromanhu/e107-CMS-Stored-XSS---Manage

A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.