Underground News

Category

severity

65 Posts

[@ckeditor/ckeditor5-markdown-gfm] CKEditor5 Cross-site scripting caused by the editor instance destroying process

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Affected packages
@ckeditor/ckeditor5-markdown-gfm
@ckeditor/ckeditor5-html-support
@ckeditor/ckeditor5-html-embed
Impact
A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages. The vulnerability allowed…

[drupal/core] Drupal core arbitrary PHP code execution

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files.
However, the protections for these two vulnerabilities previously did not work co…

[streamlit] Streamlit directory traversal vulnerability

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive informati…

[org.postgresql:postgresql] PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022, 08/10/2022

Impact
The PGJDBC implementation of the java.sql.ResultSet.refreshRow() method does not escape column names, so a malicious column name that contains a statement terminator, e.g. ;, could …

[org.dspace:dspace-api] DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, th…

[org.dspace:dspace-jspui] JSPUI vulnerable to path traversal in submission (resumable) upload

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace use…

[org.dspace:dspace-jspui] JSPUI’s controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a sit…

[org.dspace:dspace-jspui] JSPUI Possible Cross Site Scripting in “Request a Copy” Feature

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI.
This vulnerabi…

[org.dspace:dspace-jspui] Cross Site Scripting (XSS) possible in JSPUI spellcheck and autocomplete tools

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulne…

[org.dspace:dspace-xmlui] XMLUI’s metadata of withdrawn Items is exposed to anonymous users

  • Posted in severity
  • Posted by GitHub
  • 08/06/2022

Impact
Metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI.
However, this vulnerability is very low severity as Item metadata does …
