TechMedia

Category

MODERATE

588 Posts

Featured

Posted by Wpmaster
[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[thorsten/phpmyfaq] phpMyFAQ vulnerable to Cross-site Scripting

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 12/13/2022

phpMyFAQ prior to version 3.1.9 is vulnerable to stored Cross-site Scripting (XSS).
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4408
https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751
https://huntr.dev/bounti…

[thorsten/phpmyfaq] phpMyFAQ has insecure HTTP cookies

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/12/2022 12/13/2022

phpMyFAQ versions prior to 3.1.9 contain a Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4409
https://github.com/thorsten/phpmyfaq/commit/8b47f38
https://huntr.dev/bounties/5915…

[pyRdfa3] pyRdfa3 Cross-site Scripting vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/10/2022 12/14/2022

A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the pat…

[yiisoft/yii2-gii] Yii2 Gii Cross-site Scripting vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/10/2022 01/06/2023

Some fields like Message Category (requires I18N enabled) in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc. are being cached without sanitisation of their contents when the Preview button is pressed. This le…

[tinymce/tinymce] Cross-site scripting vulnerability in TinyMCE alerts

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 12/13/2022

Impact
A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin…

[golang.org/x/net/http2] golang.org/x/net/http2 vulnerable to possible excessive memory growth

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 01/18/2023

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending ver…

[github.com/containers/podman/v4] Buildah (as part of Podman) vulnerable to Link Following

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 12/13/2022

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4122
https://github.com/containers/podman/pu…

[prestashop/prestashop] PrestaShop has potential Information exposure in the upload directory

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 12/13/2022

Impact
Potential Information exposure in the upload directory.
Patches
Patch in PrestaShop 1.7.8.8
References
https://capec.mitre.org/data/definitions/87.html
Thanks to DZPATROL
References

https://github.com/PrestaShop/PrestaShop/security/advisories/G…

[github.com/traefik/traefik/v2] Traefik routes exposed with an empty TLSOption

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 12/13/2022

Impact
There is a potential vulnerability in Traefik managing the TLS connections.
A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption.
For instance, a route secured using an mTLS connection set with a wrong CA fi…

[secp256k1] Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

  • Posted in MODERATE
  • Posted by Wpmaster
  • 12/09/2022 01/10/2023

Because of incorrect bounds on method Secp256k1::preallocated_gen_new it was possible to cause use-after-free from safe consumer code. It was also possible to “free” memory not allocated by the appropriate allocator.
The method takes a place for storin…
