Gitlab — multiple vulnerabilities

Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Ser ...

WP < 6.0.2 – SQLi via Link API

The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or via wp_list_book ...

Cross-site scripting from content entered in the tags and multiselect fields

### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows executing arbitrary JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful s ...

Broken Authorization in ZITADEL Actions

### Impact **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with the role `ORG_OWNER` can create JavaScript code that is invoked by ...

Path Traversal in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.


Security Updates for Microsoft Azure Site Recovery (August 2022)

The Microsoft Azure Site Recovery installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An att ...

