CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.

**Describe the bug**  
An user with page creation/edition can create an XSS payload in description field to trigger XSS when view all page from admin panel  
**To Reproduce**  
Steps to reproduce the behavior:

1.  Click on 'Create New Page'
2.  Go to 'Meta Tags' tab
3.  In the 'description' section, insert arbitrary XSS payload
4.  Go to 'See all page'
5.  See error

**Expected behavior**  
The XSS payload will be triggered for anyone who view this page description (esspecially admin account).

**Screenshots**  

**Desktop (please complete the following information):**

*   OS: tested on kali linux
*   Browser: tested on firefox
*   Version: 2.0.7

**video PoC**  
https://youtu.be/XkjPdJvnMQ0

**Additional context**  
This bug can be exploited by anyone has edit/create page privileges

Headline

CVE-2021-40555: XSS in page description · Issue #56 · flatCore/flatCore-CMS

CVE: Latest News