Search CVE reports
1 – 5 of 5 results
Some fixes available 8 of 27
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...
4 affected packages
civicrm, smarty3, smarty4, postfixadmin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| smarty3 | Fixed | Fixed | Fixed | Fixed |
| smarty4 | Not affected | Not in release | Not in release | Not in release |
| postfixadmin | Vulnerable | Fixed | Fixed | Fixed |
Some fixes available 4 of 102
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...
11 affected packages
node-moment, gnucash, mediawiki, ntopng, odoo...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-moment | Not affected | Fixed | Fixed | Fixed |
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Not in release | Not in release |
| omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Vulnerable | Fixed | Not affected | Not affected |
Some fixes available 10 of 32
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or...
6 affected packages
postfixadmin, smarty4, collabtive, galette, gosa, smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postfixadmin | Not affected | Fixed | Fixed | Fixed |
| smarty4 | Not affected | — | — | — |
| collabtive | — | — | — | — |
| galette | — | — | — | — |
| gosa | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smarty3 | Fixed | Fixed | Needs evaluation | Needs evaluation |
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
1 affected package
postfixadmin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postfixadmin | — | — | — | Not affected |
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
1 affected package
postfixadmin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| postfixadmin | — | — | — | — |