In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5 Date published : 2020-04-20 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-q6pr-42v5-v97q https://github.com/PrestaShop/PrestaShop/commit/6838d21850e7227fb8afbf568cb0386b3dedd3ef
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5 Date published : 2020-04-20 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rpg3-f23r-jmqv https://github.com/PrestaShop/PrestaShop/commit/d3bf027fa37e8105fed3c809d636ebe787e43f46
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5 Date published : 2020-04-20 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m2x6-c2c6-pjrx https://github.com/PrestaShop/PrestaShop/commit/c464518d2aaf195007a1eb055fce64a9a027e00a
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to...
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5 Date published : 2020-04-20 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-87jh-7xpg-6v93 https://github.com/PrestaShop/PrestaShop/commit/9efca621a0b74b82dafa91e6b955120036e31334
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5. Date published : 2020-04-20 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7fmr-5vcc-329j https://github.com/PrestaShop/PrestaShop/commit/622ba66ffdbf48b399875003e00bc34d8a3ef712
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5. Date published : 2020-04-20...
InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). Date published : 2020-04-20 https://blog.installbuilder.com/2019/12/configure-autoupdate-project-settings.html
Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain...
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. Date published : 2020-04-20 https://security.gentoo.org/glsa/202007-28 re2c: heap overflow in Scanner::fill (scanner.cc)
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. Date published : 2020-04-20 https://www.manageengine.com/network-monitoring/help/read-me-complete.html
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. Date published : 2020-04-20 https://geeknik-labs.com https://github.com/bitcoin-abe/bitcoin-abe/blob/d33f6e85de74e708e11cabe4ed0246e12025c726/Abe/abe.py#L253-L254
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. Date published : 2020-04-20 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQLRBGRVRRZK7P5SFL2MNGXFX37YHJAV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN6QSHRFZXRQAYZJQ4MOW5MKIXBYOMED/
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the...