# Description At the `team update` (`https://ripob47346.getoutline.com/api/team.update`) and `user update` (`https://ripob47346.getoutline.com/api/users.update`) functions, `avatarUrl` was not verified ...
August 31, 2022
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e6b994e2-2891-11ed-9be7-454b1dd82c64 advisor ...
August 31, 2022
Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Ser ...
August 30, 2022
The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wp_list_book ...
August 30, 2022
### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...
August 30, 2022
### Impact **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role `ORG_OWNER` are able to create Javascript Code, which is invoked by ...
August 30, 2022
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. ...
August 30, 2022
### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...
August 30, 2022