Security
Headlines
HeadlinesLatestCVEs

Tag

#js

October CMS 3.4.0 Category Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#mac#js#wordpress#php#postgres#docker
October CMS 3.4.0 Blog Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.

October CMS 3.4.0 Author Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.

October CMS 3.4.0 About Cross Site Scripting

October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.

Red Hat Security Advisory 2023-7633-01

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

Debian Security Advisory 5571-1

Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.

PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting

PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

CVE-2023-6460: fix: Don't allow serialization of firestore settings by abhishekwebcode · Pull Request #1742 · googleapis/nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to be an author feature could perform a stored XSS attack against any other users visiting the posts by the author. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.