[oss-security] CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page

2024-06-23 Thread Juan Pablo Santos Rodríguez
Severity: moderate Affected versions: - Apache JSPWiki through 2.12.1 Description: XSS in Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade t

Re: [oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)

2024-06-23 Thread Russ Allbery
Ihor Radchenko writes:
> Here is a vulnerability in Emacs Org mode.
> Reproducer is the following .org file:
> #+LINK: shell %(shell-command-to-string)
> [[shell:touch ~/hacked.txt]]
> When sent by email and previewed in Emacs or when opened in Emacs as a
> file, the above Org file will evalua

[oss-security] Arbitrary shell command evaluation in Org mode (GNU Emacs)

2024-06-23 Thread Ihor Radchenko
Hi, Here is a vulnerability in Emacs Org mode. Reproducer is the following .org file:
#+LINK: shell %(shell-command-to-string)
[[shell:touch ~/hacked.txt]]
When sent by email and previewed in Emacs or when opened in Emacs as a file, the above Org file will evaluate "touch ~/hacked.txt" without