Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2022-34093: Vulnerabilidade - XSS (Cross Site Scripting) or HTML Injection - access_token.php · Issue #4 · saladesituacao/i3geo

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

CVE
Open in Source
#xss#vulnerability#java#php#oauth#auth
CVE-2022-34092: Vulnerabilidade - XSS (Cross Site Scripting) or HTML Injection - svg2img.php · Issue #3 · saladesituacao/i3geo

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.

CVE-2022-32416: bug_report/SQLi-1.md at main · Estbonxby/bug_report

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

CVE-2022-31156: Gradle 7.5 Release Notes

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could downlo...

CVE-2022-32318: Fast Food Ordering System 1.0 Cross Site Scripting ≈ Packet Storm

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.

CVE-2022-22477: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

CVE-2021-39015: Security Bulletin: IBM Engineering Lifecycle Optimization

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.

WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload

WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGPU

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.  Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome’s WebGPU standard.   Google Chrome is a cross-platform web browser — and Chromium is the open-source version of... [[ This is only the beginning! Please visit the blog for the complete entry ]]