[SSCMS] Cross site scripting in SSCMS

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

References

https://nvd.nist.gov/vuln/detail/CVE-2022-30349
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-4qf6-vpj8-p4r6

[flower] Authorization bypass in Flower

Flower, a web UI for the Celery Python RPC framework, is vulnerable to an OAuth authentication bypass in all versions as of 05-02-2022. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutt…

[google-it] Command injection in google-it

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concatenate the result’s link retrieved…