11/6/2022

Outlook search query

Mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. Once the administrator clicks a malicious link, the article will be deleted. In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. (Incydr Professional and Enterprise are unaffected.) Published: Janu9:15:06 PM -0500 This affects Incydr Basic, Advanced, and Gov F1 CrashPlan Cloud and CrashPlan for Small Business. In Code42 app before 8.8.0, eval injection allows an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. Improper Access Control in Packagist microweber/microweber prior to 1.2.11. Published: Janu6:15:07 AM -0500 Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Published: Janu6:15:07 AM -0500 Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to main. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for. Published: Janu6:15:08 AM -0500 Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. This issue affects Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions. Published: Janu7:15:08 AM -0500 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has a guest account to do privilege escalation. Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for authorization of users.
Published: Janu7:15:08 AM -0500 Code Injection in Packagist microweber/microweber prior to 1.2.11. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0. Published: Janu10:15:07 AM -0500 Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for the message recipient by sending a specially crafted GIF image in LINE for Windows before 7.4. These credentials may be used by malicious attackers to perform unauthorized actions. Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. V3.x: (not available) V2.0: (not available) Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.