A remote code execution vulnerability exists in Pivotal Spring Security OAuth. When authorization requests are processed using the whitelabel views, the response_type parameter value is evaluated as a Spring SpEL expression. A malicious user can trigger remote code execution by crafting the value of response_type.
Monthly Archives: November 2016
WordPress Canvas – Shortcodes 1.92 Cross Site Scripting
WordPress Canvas – Shortcodes plugin version 1.92 suffers from a persistent cross site scripting vulnerability.
WordPress Instagram Feed 1.4.6.2 Cross Site Scripting / Cross Site Request Forgery
WordPress Instagram Feed plugin version 1.4.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
WordPress Huge IT Portfolio Gallery 2.0.77 Cross Site Scripting
WordPress Huge IT Portfolio Gallery plugin version 2.0.77 suffers from a cross site scripting vulnerability.
WordPress Easy Facebook Like Box 4.3.0 CSRF / XSS
WordPress Easy Facebook Like Box plugin version 4.3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
drupal8-8.2.3-1.fc25
* [8.2.3 Release Notes](https://www.drupal.org/project/drupal/releases/8.2.3)
* [Drupal Core – Moderately Critical – Multiple Vulnerabilities – SA-CORE-2016-005](https://www.drupal.org/SA-CORE-2016-005)
drupal8-8.2.3-1.fc24
* [8.2.3 Release Notes](https://www.drupal.org/project/drupal/releases/8.2.3)
* [Drupal Core – Moderately Critical – Multiple Vulnerabilities – SA-CORE-2016-005](https://www.drupal.org/SA-CORE-2016-005)