This would redirect a user to their email if they had requested a confirmation link. This was fixed in 2.3.5. Upgrading to 2.3.5 is the recommended fix. If you are unable to upgrade, you can disable the open redirect in the `/confirm` endpoint. Open the `confirm.
This issue was resolved by updating to version 1.9.21 or higher. Inspect the application URL to determine if you are running an outdated version of TestLink. An attacker can exploit this issue to perform requests that impact the user's session, such as stealing data or installing other malicious
The CSRF vulnerability exists in the GitHub v2.4.5 API. The attacker can submit a request to the victim to change the content on GitHub if they have access to the victim’s account on the repository. Exploitation: Access the GitHub repository. Go to Settings, then Authentication. Click on
This was addressed in 184.108.40.206 and later. Cisco WebEx Teams does not support the use of XSS in any of its components. CVE-2023-40324 This was addressed in 220.127.116.11 and later. Cisco WebEx Teams does not support the use of XML external entities (XXE) in
This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as high as they want, as long as they are a member of the contributor role. NOTE: Earlier versions of this plugin are also affected, but
This flaw could be exploited by injecting malicious code into the database or via cross-site request forgery (CSRF) if users’ input was hijacked. The id parameter is typically used to identify a category. Therefore, it is critical that it be validated to limit the risk of an attack. We discovered
A remote attacker could exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive data. In addition, this software was discovered to contain a cross-site request forgery (CSRF) vulnerability at /register.html; a malicious user could exploit this issue to execute arbitrary requests as if they were coming from
By using this vulnerability, an attacker can steal cookie information and execute malicious code on the system of the affected website. In the case of XSS in the Admin Panel of Subrion CMS 4.2.1, an attacker can steal the session information and hijack the user login. There are many ways
By manipulating the name parameter, an attacker can inject malicious code into the application’s code, which can lead to session hijacking and other forms of attack. VentureOne reported this issue to Envato, who promptly released a security update to close this XSS vulnerability. Another issue with Envato Studio 22.