CVE-2021-1134
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due...
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. Date published : 2021-06-28 https://www.openwall.com/lists/oss-security/2021/06/28/3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. Date published : 2021-06-28 https://github.com/luuthehienhbit/LFI-Vulnerability-Webport-CMS-version-1.19.10.17121/blob/master/README.md
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. Date published : 2021-06-28 https://github.com/NavigateCMS/Navigate-CMS/issues/20
Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. Date published : 2021-06-28 https://github.com/LimeSurvey/LimeSurvey/pull/1441#partial-pull-merging
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. Date published : 2021-06-28 https://github.com/osTicket/osTicket/commit/6c724ea3fe352d10d457d334dc054ef81917fde1
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. Date published : 2021-06-28 https://github.com/osTicket/osTicket/commit/d54cca0b265128f119b6c398575175cb10cf1754
Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php. Date published : 2021-06-28 https://github.com/LimeSurvey/LimeSurvey/commit/2aada33c76efbbc35d33c149ac02b1dc16a81f62
Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in the mail.cgi. Date published : 2021-06-28 https://bugzilla.ipfire.org/show_bug.cgi?id=12226
Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering...
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. Date published : 2021-06-28 https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995 https://www.infoblox.com/products/nios8/
Mermaid before 8.11.0 allows XSS when the antiscript feature is used. Date published : 2021-06-27 https://github.com/mermaid-js/mermaid/issues/2122 https://github.com/mermaid-js/mermaid/pull/2123
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and...
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or...