#js

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sand...

Ubuntu Security Notice 5494-1 - It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash or expose sensitive information. It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash.

WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.

Library Management System with QR Code version 1.0 suffers from a remote shell upload vulnerability.

WSO2 Management Console suffers from a cross site scripting vulnerability. Many different product versions are affected.

Red Hat Security Advisory 2022-5192-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.

Researchers describe discovery of ‘mega’ zero-day

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.