Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193PUBLISHED: 2023-02-04hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
User Rank: Moderator
9/3/2014 | 3:33:25 PM
It's a fine line, but a well understood distinction, especially in a legal liability sense. As with many things legal, check your intuition and sensibilities at the courthouse door.
That being said, I agree that it has definitely emerged to be in the best interest of the Fanchisor to, at the very least, specify security requirements (and probably enshrine it in the franchise agreement). The Franchisors could just as easily revoke the offending Franchisees to protect their reputation. In the vein of "every problem is an opportunity," the smart play would be for a Franchisor to impose security across the Franchise and provide value add to the Franchisees, as well as turn this into a feature of the Franchise -- great service and secure purchases now at *all* UPS Stores.