[PRODSECBUG-2458] Cross-site scripting in image file names (XSS) - CVE-2019-8115


News category: Vulnerabilities
Source: portal.patchman.co

An authenticated administrator could inject arbitrary JavaScript code when adding an image during simple product creation.

Part of update: Magento 2.3.3 and 2.2.10 Security Update

This vulnerability affects the following application versions:

  • Magento 2.0.0
  • Magento 2.0.1
  • Magento 2.0.2
  • Magento 2.0.3
  • Magento 2.0.4
  • Magento 2.0.5
  • Magento 2.0.6
  • Magento 2.0.7
  • Magento 2.0.8
  • Magento 2.0.9
  • Magento 2.0.10
  • Magento 2.0.11
  • Magento 2.0.12
  • Magento 2.0.13
  • Magento 2.0.14
  • Magento 2.0.15
  • Magento 2.0.16
  • Magento 2.0.17
  • Magento 2.0.18
  • Magento 2.1.0
  • Magento 2.1.1
  • Magento 2.1.2
  • Magento 2.1.3
  • Magento 2.1.4
  • Magento 2.1.5
  • Magento 2.1.6
  • Magento 2.1.7
  • Magento 2.1.8
  • Magento 2.1.9
  • Magento 2.1.10
  • Magento 2.1.11
  • Magento 2.1.12
  • Magento 2.1.13
  • Magento 2.1.14
  • Magento 2.1.15
  • Magento 2.1.16
  • Magento 2.1.17
  • Magento 2.1.18
  • Magento 2.2.0
  • Magento 2.2.1
  • Magento 2.2.2
  • Magento 2.2.3
  • Magento 2.2.4
  • Magento 2.2.5
  • Magento 2.2.6
  • Magento 2.2.7
  • Magento 2.2.8
  • Magento 2.2.9
  • Magento 2.2.10
  • Magento 2.2.11
  • Magento 2.3.0
  • Magento 2.3.1
  • Magento 2.3.2
...


