Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2028: Stored XSS in Project Name in titra

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE
Open in Source
#xss#google#git

Description

The application Titra is vulnerable to Stored XSS in Project name field.

Steps To Reproduce

  1. Click on Edit button
  2. Under the Project Name enter the paylaod "><img src=# onerror=alert(document.domain)>
  3. Click on save.
  4. Now navigate to details the XSS will be triggered.

Image PoC

https://drive.google.com/file/d/1P44bIq0VgqMMUdb7VEKhF1Q_7PdY2k4Z/view?usp=sharing https://drive.google.com/file/d/1sEJnrY8wxPY9gw1yPL1M4NH7Xe0qkgMT/view?usp=sharing

Impact

This allows the attacker to execute malicious scripts in all the project members browser and it can lead to session hijacking, sensitive data exposure, and worse.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE