Vulnerabilidades

*** Pendiente de traducción *** The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting (XSS) when handling untrusted `placeholder` entries. An attacker who is able to influence the field `placeholder` when creating a `Calendar` instance is able to supply arbitrary `html` or `javascript` that will be rendered in the context of a user leading to XSS. There are no known patches for this issue.

*** Pendiente de traducción *** iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javascript` code that will be rendered in the context of a user, potentially leading to `XSS`. Version 1.6.1 contains a patch for this issue

*** Pendiente de traducción *** A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.

*** Pendiente de traducción *** A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.

*** Pendiente de traducción *** textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.

*** Pendiente de traducción *** IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646.

*** Pendiente de traducción *** <br /> <br /> <br /> A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. <br /> <br /> An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. <br /> <br /> <br /> <br /> <br /> Already existing/established client-server connections are not affected.<br /> <br /> <br /> <br /> <br /> <br /> List of affected CPEs:<br /> <br /> <br /> <br /> <br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*<br /> * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*<br /> * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*<br /> <br /> <br /> <br /> <br /> <br /> <br />

*** Pendiente de traducción *** SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.

*** Pendiente de traducción *** SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet.

*** Pendiente de traducción *** Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.

*** Pendiente de traducción *** A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.

*** Pendiente de traducción *** A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221551.