
TechMedia

Category: MODERATE (588 Posts)


[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/12/2023 (updated 04/12/2023)

Impact
Users can either intentionally or inadvertently create a keyspace whose name contains "/" characters, such that from that point on anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using vtctldclient Ge…

[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/11/2023 (updated 04/12/2023)

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1976
https://github.co…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control: when FAQ News is marked as inactive in settings but has comments enabled, comments can still be posted on the inactive FAQs. This has been fixed in 3.1.12.
References

https://nv…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the updatecategory parameter. This has been fixed in 3.1.12.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1879
http…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ site while generating an HTML Export. This has been fixed in 3.1.12.
References

https://nvd.nist.gov/vuln/detail/CV…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the category field name parameter. This has been fixed in 3.1.12.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1885…

[microweber/microweber] Microweber vulnerable to command injection

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

microweber/microweber prior to 1.3.3 is vulnerable to command injection in the “first name” field. This allows for server-side template injection, which can lead to arbitrary code execution.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1877
ht…

[grumpydictator/firefly-iii] Firefly III insufficiently expires sessions

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/06/2023)

Firefly III prior to 6.0.0 insufficiently expires sessions upon close.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1788
https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
https://huntr.dev/bounties/7932…

[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/06/2023 (updated 04/07/2023)

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the stopword parameter. This has been fixed in 3.1.12.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-1884
https://github.co…

[uvdesk/community-skeleton] Uvdesk vulnerable to stored cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 04/05/2023 (updated 04/12/2023)

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.
References

https://nvd.nist….
