Cross-site scripting hack in DOMPurify 2.0.0
Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome…
Overview : F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. Affected…
Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user.…
Overview : An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an…
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details : CVE ID : CVE-2019-16644…
Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is…