Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. There was a patch released in the development branch but is not yet committed to the main branch.
References
https://nvd….
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
References
https://nvd.nist.gov/vuln/de…
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the…
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References
https://nvd.nist.gov/vuln/detai…
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
References
ht…
国立研究開発法人新エネルギー・産業技術総合開発機構(以下、NEDO)は11月21日、「モビリティの電…
マガジンXにて連載中の『ニューカマー喜怒愛楽』は、西川淳、高平高輝、斎藤慎輔の3名のモータージャーナリストが毎…
長野県原村(以下、原村)は、長野県茅野市(以下、茅野市)で運行中の交通サービス「のらざあ」を活用し、…
New updates Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not…
2022年11月5日に行われたロックの殿堂(Rock and Roll Hall of Fame)入…
