Improper Input Validation

# Description At the `team update` (`https://ripob47346.getoutline.com/api/team.update`) and `user update` (`https://ripob47346.getoutline.com/api/users.update`) functions, `avatarUrl` was not verified ...

FreeBSD : Gitlab — multiple vulnerabilities (e6b994e2-2891-11ed-9be7-454b1dd82c64)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e6b994e2-2891-11ed-9be7-454b1dd82c64 advisor ...

Gitlab — multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitHub import; Stored XSS via labels color; Content injection via Incidents Timeline description; Lack of length validation in Snippets leads to Denial of Ser ...

WP < 6.0.2 – SQLi via Link API

The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wp_list_book ...

Cross-site scripting from content entered in the tags and multiselect fields

### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows the execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...

Broken Authorization in ZITADEL Actions

### Impact **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with the role `ORG_OWNER` are able to create JavaScript code, which is invoked by ...

Path Traversal in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. ...


CVSS3 - MEDIUM

Cross-site scripting from content entered in the tags and multiselect fields

### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows the execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...

