![]() Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. ![]() Version 8.1.3 contains a patch for this issue. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. PrestaShop is an open-source e-commerce platform. This vulnerability has been patched in version 2.0.19. ![]() The vulnerability can be used to crash/DOS a system doing JWS verification. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. Jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |