CVE-2022-24131
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. Date published : 2022-03-30 https://github.com/zpxlz/douphp
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. Date published...
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens an .xlsx log file. Date published : 2022-03-30 https://gitee.com/y_project/RuoYi/issues/I4RBBD
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. Date published : 2022-03-30 https://developer.joomla.org/security-centre/878-20220309-core-xss-attack-vector-through-svg.html
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. Date published : 2022-03-30 https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. Date published : 2022-03-30 https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. Date published :...
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on a request could result in a possible SQL injection. Date published : 2022-03-30 https://developer.joomla.org/security-centre/874-20220305-core-inadequate-filtering-on-the-selected-ids.html
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. Date published : 2022-03-30 https://developer.joomla.org/security-centre/873-20220304-core-missing-input-validation-within-com-fields-class-inputs.html
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover....
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of excessive length causes an error. This error brings up the screen with the path of...
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path. Date published : 2022-03-30 http://packetstormsecurity.com/files/166546/Joomla-4.1.0-Zip-Slip-File-Overwrite-Path-Traversal.html https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology...
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. Date published : 2022-03-30...