CVE-2022-29815
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible. Date published : 2022-04-28 https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible. Date published : 2022-04-28 https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible. Date published : 2022-04-28 https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient. Date published : 2022-04-28 https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. Date published : 2022-04-28 https://www.jetbrains.com/privacy-security/issues-fixed/
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list...
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. Date published :...
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. Date published :...
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. Date published : 2022-04-28 https://mender.io/blog/cve-2022-29555-and-cve-2022-29556-vulnerabilities-in-iot-manager-and-deviceconnect https://northern.tech
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit 音乐播放器 plugin
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin
SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin
Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin