Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does…
[microweber/microweber] Microweber vulnerable to cross-site scripting (XSS)
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. A patch was released in the development branch but has not yet been committed to the main branch.
References
https://nvd….
[spatie/browsershot] Browsershot does not validate URL protocols passed to Browsershot URL method
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
References
https://nvd.nist.gov/vuln/de…
[spatie/browsershot] Browsershot vulnerable to Cross-Site Scripting (XSS)
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the…
[badaso/core] Badaso vulnerable to Remote Code Execution (RCE)
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References
https://nvd.nist.gov/vuln/detai…
[pyrocms/pyrocms] PyroCMS vulnerable to stored Cross Site Scripting
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
References
ht…
NEDO announces upcoming call for proposals for a survey on issues in mobility electrification and battery development
On November 21, the New Energy and Industrial Technology Development Organization (a National Research and Development Agency; hereinafter NEDO) … “Mobility electri…
Behind-the-scenes footage of the “Newcomer Kido-Airaku” feature (Nissan X-Trail) has been uploaded to YouTube
“Newcomer Kido-Airaku”, serialized in Magazine X, is a column in which three motor journalists, Jun Nishikawa, Koki Takahira and Shinsuke Saito, every…
Hara Village, Nagano Prefecture, launches an AI-based shared on-demand transit service using “Norazaa”
Hara Village, Nagano Prefecture (hereinafter Hara Village), drawing on the “Norazaa” transit service operating in Chino City, Nagano Prefecture (hereinafter Chino City), …
Google Workspace Updates Weekly Recap – November 25, 2022
New updates
Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not…