Impact
Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request mo…
[gollum] Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-35305
https://github.com/Szarny/
https://github.com/gollum/
https://github.com/gollum/gollum/re…
[System.ServiceModel.Security] Improper Certificate Validation in Microsoft .NET Framework components
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka “.NET Framework Security Feature Bypass Vulnerability.” This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0,…
[hexo] XSS in Hexo
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
References
https://nvd.nist.gov/vuln/deta…