A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
Laminas Project laminas-http has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the `Zend\Http\Response\Stream` class in `Stream.php`.
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
In all versions of Eclipse Hawkbit M7, the HTTP (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource returns the full path from the given URL to the client unescaped.
There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in the `webkit` subproject of the `HTML/Java` API.
Ignition, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of `file_get_contents()` and `file_put_contents()`. This is exploitable on sites using debug mode with Laravel
This affects all versions of package buns. The injection point is located in line in the index file `lib/index.js`, in the exported function `install(requestedModule)`.
Zend Framework has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the `Zend\Http\Response\Stream` class in `Stream.php`.
An insecure unserialize vulnerability was discovered in ThinkAdmin in `app/admin/controller/api/Update.php` and `app/wechat/controller/api/Push.php`, which may lead to arbitrary remote code execution.
JupyterHub allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a `/hub/api/user` request (to add or remove a user account).
OWASP json-sanitizer can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Jenkins Bumblebee HP ALM Plugin stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
OWASP json-sanitizer may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
Jenkins allows users with `Agent/Configure` permission to choose agent names that cause Jenkins to override the global `config.xml` file.
This affects all versions of package ts-process-promises. The injection point is located in line in the main entry of the package, `lib/process-promises.js`.
Jenkins does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.
Jenkins improperly validates the format of a provided fingerprint ID when checking for its existence, allowing an attacker to check for the existence of XML files with a short path.
Jenkins allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Jenkins allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Certificate validation in node-sass is disabled when requesting binaries even if the user is not specifying an alternative download path.
Jenkins does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
Jenkins does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins does not correctly match requested URLs to the list of always accessible paths, allowing attackers without `Overall/Read` permission to access some URLs as if they did have `Overall/Read` permission.
Jenkins does not implement any restrictions for the URL rendering a formatted preview of markup passed as a `query` parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In addition to upgrading, it is recommended to rotate all secrets.
In Redcarpet there is an injection vulnerability which can enable a cross-site scripting attack. This applies even when the `:escape_html` option was being used.
A deserialization vulnerability existed in dubbo which could lead to malicious code execution. Most Dubbo users use `Hessian2` as the default serialization/deserialization protocol. While `Hessian2` deserializes a HashMap object, some functions in the classes stored in the HashMap are executed after a series of program calls, and those special functions may cause remote command execution. For example, the `hashCode()` function of the EqualsBean class in rome-1.7.0.jar causes malicious classes to be loaded remotely and malicious code to be executed when an attacker constructs a malicious request. This issue was fixed in Apache Dubbo
Stored XSS was discovered in the tree mode of jsonedit through injecting and executing JavaScript.
RailsAdmin (aka rails_admin) allows XSS via nested forms.
Versions of Apache DolphinScheduler allowed an ordinary user under any tenant to override another user's password through the API interface.
In Pillow, `SGIRleDecode` has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
In Pillow, `PcxDecode` has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
This affects the package pwntools and can lead to remote code execution.
In Pillow, `TiffDecode` has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
RsaPad_PSS in `wolfcrypt/src/rsa.c` in wolfSSL has an out-of-bounds write for certain relationships between key size and digest size.
`socket.io-parser` allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
`engine.io` allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
In the actionpack gem, a possible XSS vulnerability exists when an application is running in development mode, allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Formstone is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input in the `upload-target.php` and `upload-chunked.php` files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked or visited. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials, force malware execution, redirect the user, and more.
GJSON allows attackers to cause a denial of service (remote) via crafted JSON.
A change introduced in Apache Flink (and released as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink if their Flink instance(s) are exposed.
clickhouse-driver allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
Apache Flink introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP header. The files can be written to any location accessible by Flink. All users should upgrade to Flink if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from `apache/flink:master`.
There's a flaw in `src/lib/openjp2/pi.c` of openjpeg. If an attacker is able to provide untrusted input to openjpeg's `conversion/encoding` functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.
There's a flaw in openjpeg in `src/lib/openjp2/pi.c`. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
A flaw was found in OpenJPEG. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is to system availability.
There's a flaw in openjpeg's t2 encoder. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
A flaw was found in openjpeg's `src/lib/openjp2/t2.c`. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. In HtmlSanitizer, there is a possible XSS bypass if the `<style>` tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag, so there is no risk if you have not explicitly allowed it.
GJSON allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource`.
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing.