The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this pl…
[snipe/snipe-it] Cross-site Scripting in snipe-it
Stored cross-site scripting vulnerability in the Item name parameter in the GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability can be used to steal the user's cookie.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1380
https://github.com/…
[cross-fetch] Incorrect Authorization in cross-fetch
When fetching a remote URL with a Cookie, if the response carries a Location header, it follows that URL and tries to fetch it with the provided cookie, so the cookie is leaked to a third party.
Ex: you try to fetch example.com with cookie and if it get r…
[madlib-object-utils] Prototype Pollution in madlib-object-utils
The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701.
Ref…
[pimcore/pimcore] Cross-site Scripting in Pimcore
Pimcore prior to version 10.4 is vulnerable to stored cross-site scripting in Tooltip.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1351
https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac
https://huntr.dev/bount…
[Simple-Wayland-HotKey-Daemon] Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-27814
https://github.com/waycrate/swhkd/releases
https://www.openwall.com/lists/oss-security/2022/04/14/1
https://github.com/wayc…
[Simple-Wayland-HotKey-Daemon] Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-27817
https://github.com/waycrate/swhkd/rele…
[org.springframework:spring-core] Improper handling of case sensitivity in Spring Framework
In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and l…
[froxlor/froxlor] HTML Injection in Froxlor
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
Note: Froxlor version 0.10.22 intr…
[pimcore/pimcore] SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in ElementController.php. This vulnerability causes loss of data confidentiality.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1339
https://github.com/pimcore/pimcore/commit/adae3b…