Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Flow Security Launches GenAI DLP

DARKReading
Open in Source
#web#git#amd
CVE-2023-46174: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-46174)

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.

CVE-2023-42022: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-42022)

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.

CVE-2023-42009

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.

CVE-2023-38268: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2023-38268)

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

CVE-2023-43015: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-43015)

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064.

GHSA-7vwr-g6pm-9hc8: Cookie leakage between different users in fastapi-proxy-lib

### Impact In the implementation of version `0.0.1`, requests from different user clients are processed using a shared `httpx.AsyncClient`. However, one oversight is that the `httpx.AsyncClient` will persistently store cookies based on the `set-cookie` response header sent by the target server and share these cookies across different user requests. This results in a cookie leakage issue among all user clients sharing the same `httpx.AsyncClient`. ### Patches It's fixed in `0.1.0` ### Workarounds If you insist `0.0.1`: - Do not use `ForwardHttpProxy` at all. - Do not use `ReverseHttpProxy` or `ReverseWebSocketProxy` for any servers that may potentially send a `set-cookie` response. **However, it's best to upgrade to the latest version.** ### References fixed in [#10](https://github.com/WSH032/fastapi-proxy-lib/pull/10)

CVE-2023-48893: Vuln0wned Report: SQL Injection in staff_act.php · Issue #209 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php.

Google to Delete Inactive Gmail Accounts From Today: What You Need to Know

By Deeba Ahmed Google will delete free Google accounts that have not been signed into for two years and do not have any active subscriptions. This is a post from HackRead.com Read the original post: Google to Delete Inactive Gmail Accounts From Today: What You Need to Know