It was discovered that Smarty, which is integrated in the PostfixAdmin
code, was not properly sanitizing user input when generating templates. An
attacker could, through PHP injection, possibly use this issue to execute
arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, which is integrated in the PostfixAdmin
code, was using an inefficient parsing algorithm when processing date
strings in the RFC 2822 standard. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-31129)

It was discovered that Smarty, which is integrated in the PostfixAdmin
code, was not properly escaping JavaScript code. An attacker could
possibly use this issue to conduct cross-site scripting (XSS) attacks.
(CVE-2023-28447)