Tagged: Cybersecurity Alert

CVE-2025-3930

Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until...

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network’s Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0...

CVE-2025-55072

Stored cross-site scripting (XSS) vulnerability in desknet’s NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-58079

Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet’s NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-58426

desknet’s NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-54760

Stored cross-site scripting (XSS) vulnerability in desknet’s NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-54859

Stored cross-site scripting (XSS) vulnerability in desknet’s NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-52583

Reflected cross-site scripting (XSS) vulnerability in desknet’s Web Server allows execution of arbitrary JavaScript in a user’s web browser. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-24833

Stored cross-site scripting (XSS) vulnerability in desknet’s NEO versions V4.0R1.0–V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser. More information: https://jvn.jp/en/jp/JVN90757550/

CVE-2025-58115

ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product. More information: https://jvn.jp/en/jp/JVN13030751/

CVE-2025-61581

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component...

CVE-2025-54461

ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. More information: https://jvn.jp/en/jp/JVN13030751/