Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
## Summary
IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client applic ...
September 22, 2022
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
### Impact
- An attacker providing a malicious redirect URI can cause DoS to oauthlib's web application.
- An attacker can also leverage usage of `uri_validate` functions depending on where it is used.
_What kin ...
September 16, 2022
CVE-2022-30685
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
CVE-2022-30684
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
CVE-2022-30682
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
CVE-2022-30681
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
CVE-2022-30678
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
CVE-2022-30677
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v ...
September 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
### Impact
It's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment.
For example, an attachment with name `>.jpg` will e ...
September 16, 2022