SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-42656
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-2xwp-7j3p-c78x
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-42655
https://github.com/siteserver/cms/issues/3237
https://github.com/advisories/GHSA-5xr5-v2h7-2w7w
A flaw was found in WildFly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integr…
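The Saitama Prefectural Education Bureau announced on the 24th that a digital camera with an SD card inserted had been lost at the prefectural Omiya Kita Special Needs School, and…
Miru-niisan's series "Thinking About Talked-About Products" has been well received, thanks to our readers. The more interested readers become in the articles, the more some of them may wonder, "Just who is Miru-niisan!?" So […]
The post Interview with Miru-niisan: "The exquisite balance of 'curiosity and fear' that growing marketers have, and the pitfalls to watch out for" appeared first on Marketing Native (マーケティング ネイティブ).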
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-25974
https://…
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action …
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MIT…
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.
References
https://nvd.nist.gov/vuln…
A flaw was found in all RESTEasy 3.x.x versions prior to 3.12.0.Final and all RESTEasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in returning an illegal header that integrates into the server’s response. This flaw …