Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template.
Category Archives: Advisories
CVE-2020-18325
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
tomcat-9.0.59-1.fc37
FEDORA-2022-30ce1cbe6e
Packages in this update:
tomcat-9.0.59-1.fc37
Update description:
Automatic update for tomcat-9.0.59-1.fc37.
Changelog
* Wed Mar 2 2022 Sonia Xu <sonix@amazon.com> – 1:9.0.59-1
– Update to 9.0.59
– Resolves: rhbz#2047419 – CVE-2022-23181 tomcat: local privilege escalation vulnerability
DSA-5089 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
CVE-2021-22688
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-22686
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-22687
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
python-pillow-9.0.1-6.fc36
FEDORA-2022-2e4c6ac063
Packages in this update:
python-pillow-9.0.1-6.fc36
Update description:
Fix incorrect mingw package name.