Cross-site scripting from dynamic options in the multiselect field

### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...

Exposure of “Forgot Password” Token on Comments Controller Leads to Account Takeover

Hello there! Hope you are doing great! ## Description While digging into your app's source code, I noticed that the `getComment()` function, that can be found on CommentController, had an IDOR, but w ...

Information Disclosure

libanjuta.so is vulnerable to information disclosure. The vulnerability exists in the `read_bookmarks` function in `anjuta-bookmarks.c` because of the incorrect use of the libxml2 API, which allows an attacker to g ...

CVE-2022-38078

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl sc ...

CVE-2021-42521

There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement', and tries to der ...

CVE-2021-42522

There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of the libxml2 API. The vendor forgot to call 'g_free()' t ...
