(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Accessibility plugin <= 1.0.3 on WordPress.

(subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.

(admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.

There are no known workarounds for this issue. All communities running Flarum from `v1.5.0` to `v1.6.1` have to upgrade as soon as possible to v1.6.2. The vulnerability has been fixed and published as flarum/core `v1.6.2`. All communities running Flarum from `v1.5.0` to `v1.6.1` are impacted. The XSS attack occurs after a visitor opens the relevant discussion page. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The change was made after `v1.5` and was not noticed. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered.

Published: Novem12:15:10 AM -0500

Flarum is an open source discussion platform.

Published: Novem12:15:11 AM -0500

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

Published: Novem12:15:11 AM -0500

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

Published: Novem12:15:12 AM -0500

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account. Moreover, the username is not properly sanitized in the admin user overview.

V3.x:(not available) V2.0:(not available)

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session.

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.