Gwolle Guestbook <= 2.5.3 – Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/9109
More info:
https://wpvulndb.com/vulnerabilities/9109
Strong Testimonials <= 2.31.4 – Multiple Authenticated Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/9108
More info:
https://wpvulndb.com/vulnerabilities/9108
Drupal Core – 3rd-party libraries -SA-CORE-2018-005
Advisory ID: SA-CORE-2018-005Project: Drupal coreVersion: 8.xCVE: CVE-2018-14773Date: 2018-August-01DescriptionThe Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the vulnerable functionality. If your site or module uses Zend Feed or Diactoros
More info:
https://www.drupal.org/SA-CORE-2018-005
DSA-4259 ruby2.3 – security update
Several vulnerabilities have been discovered in the interpreter for theRuby language, which may result in incorrect processing of HTTP/FTP,directory traversal, command injection, unintended socket creation orinformation disclosure.
More info:
https://www.debian.org/security/2018/dsa-4259
Safe Harbor for Security Bug Bounty Participants
Mozilla established one of the first modern security bug bounty programs back in 2004. Since that time, much of the technology industry has followed our lead and bounty programs have become a critical tool for finding security flaws in the … Continue readingThe post Safe Harbor for Security Bug Bounty Participants appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2018/08/01/safe-harbor-for-security-bug-bounty-participants/