The "upsell" widget for the portal allows a product description to be specified. This description, taken from a user-controllable jslob, did not get escaped before being added to the DOM. Malicious script code c ...
August 02, 2023
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijac ...
August 02, 2023
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list ...
August 02, 2023
Under some circumstances, this weakness allows a user who has access to run the "ps" utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process h ...
August 02, 2023
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
August 02, 2023
An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.
August 02, 2023
Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status an ...
August 02, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to ...
August 02, 2023