Archive for October, 2020

Online Discussion Forum Site 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Online Discussion Forum Site version 1.0 suffers from a cross site scripting vulnerability.

OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery

Posted by deepcore under exploit (No Respond)

OX App Suite and OX Documents versions 7.10.3 and some prior versions suffer from information exposure, server-side request forgery, and cross site scripting vulnerabilities.

Online Job Portal 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Online Job Portal version 1.0 suffers from a persistent cross site scripting vulnerability.

TinyMCE 5 HTML Injection

Posted by deepcore under exploit (No Respond)

TinyMCE 5 suffers from an HTML injection vulnerability.

Chrome XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers Use-After-Free

Posted by deepcore under exploit (No Respond)

Chrome suffers from a use-after-free vulnerability in XRSystem::FocusedFrameChanged and FocusController::NotifyFocusChangedObservers.

HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal

Posted by deepcore under exploit (No Respond)

HiSilicon Video Encoder versions up to 1.97 suffer from a path traversal vulnerability that allows for file disclosure.

ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal

Posted by deepcore under exploit (No Respond)

ReQuest Serious Play Media Player version 3.0 suffers from an unauthenticated file disclosure vulnerability: input passed through the file parameter in the tail.html and file.html scripts is not properly verified before being used to read web log files. This can be exploited to disclose the contents of files from local resources.

HiSilicon Video Encoder Command Injection

Posted by deepcore under exploit (No Respond)

HiSilicon Video Encoder suffers from a remote command injection vulnerability. Versions affected are vendor specific.

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure

Posted by deepcore under exploit (No Respond)

ReQuest Serious Play F3 Media Server version 7.0.3 suffers from a debug log disclosure vulnerability. An unauthenticated attacker can visit the message_log page and disclose the webserver’s Python debug log file containing system information, credentials, paths, processes and command arguments running on the device.

HiSilicon Video Encoder Malicious Firmware Code Execution

Posted by deepcore under exploit (No Respond)

HiSilicon Video Encoder suffers from a remote code execution vulnerability via an unauthenticated upload of malicious firmware. Versions affected are vendor specific.