Severity: moderate
Affected versions:
- Apache JSPWiki through 2.12.1
Description:
XSS in Upload page in Apache JSPWiki 2.12.1 and prior allows the
attacker to execute JavaScript in the victim's browser and get some
sensitive information about the victim. Apache JSPWiki users should
upgrade t
Ihor Radchenko writes:
> Here is a vulnerability in Emacs Org mode.
> Reproducer is the following .org file:
> #+LINK: shell %(shell-command-to-string)
> [[shell:touch ~/hacked.txt]]
> When sent by email and previewed in Emacs or when opened in Emacs as a
> file, the above Org file will evalua
Hi,
Here is a vulnerability in Emacs Org mode.
Reproducer is the following .org file:
#+LINK: shell %(shell-command-to-string)
[[shell:touch ~/hacked.txt]]
When sent by email and previewed in Emacs or when opened in Emacs as a
file, the above Org file will evaluate "touch ~/hacked.txt" without