#webkit

CVE-2021-31739: Multiple vulnerabilities in SEPPmail 11.1.10

The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #windows #apple #js #java #chrome #webkit

Ubuntu Security Notice USN-5730-1

Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #web #ubuntu #dos #java #webkit

CVE-2022-43183: xxl-job =< 2.3.1 version (latest version) has SSRF vulnerability, which causes low-privileged users to control executor to execute arbitrary commands · Issue #3002 · xuxueli/xxl-job

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

2 years ago

CVE

Open in Source

#vulnerability #web #mac #apple #google #js #java #intel #ssrf #chrome #webkit

CVE-2022-43138: Offensive Security’s Exploit Database Archive

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.

2 years ago

CVE

Open in Source

#web #windows #apple #google #js #git #php #pdf #auth #chrome #webkit #sap

CVE-2022-43135: bug_report/SQLi-1.md at main · junHVV/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.

2 years ago

CVE

Open in Source

#sql #vulnerability #web #windows #apple #php #auth #chrome #webkit

CVE-2022-43262: bug_report/SQLi-1.md at main · null302/bug_report

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php.

2 years ago

CVE

Open in Source

#sql #vulnerability #web #windows #apple #php #auth #chrome #webkit

RHSA-2022:8054: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-2022-26700: w...

2 years ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #java #kubernetes #perl #aws #buffer_overflow #ibm #webkit

CVE-2022-42978: Unauthenticated Arbitrary File Read

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

2 years ago

CVE

Open in Source