Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.
27679f4bfde5c9377efad490bf7207a9b6f587632600f7b21edcff5a9651ed7fUbuntu Security Notice 6061-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
01e21a6c8ac7ce003c7d1c71410cfa2fca7b99f9ae9f3d56cd4b2c5d58805114Ubuntu Security Notice 6060-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.42. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
d691b94ba5bd70d0a19d51f22c4bd89c7f9898899695a61f5687575f2a573d77BlogMagz CMS version 1.0 suffers from a cross site scripting vulnerability.
0355faad29dabcfaca08d5e96eb896c4b21974b2562d83ef8db03cdd0b234dd6Ubuntu Security Notice 6059-1 - It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.
3de9f1297a58c7de6b74c155d262382e9b1973264131f5e55475d5dd73526c90Found Information System version 1.0 suffers from a remote SQL injection vulnerability.
9724732a654c4f2a42eafffec1fcd360cbfbd5be6629bb93ad92d91c5a47e054Ubuntu Security Notice 6055-2 - USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.
ada5c9e435b07122b3ea37aaeeff4ec44d8a5abb8e17dfa44d63ad098d9107d3Rollout::UI version 0.5 suffers from a cross site scripting vulnerability.
d4b3ba42fa15bc6404ff5c65af7d574cbc6f0ffcb13a286a210ae4c1a7c8495f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed