CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network.

**Accounting-Journal-Management****Vendor**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/2022/Accounting-Journal-Management/Docs/Screenshot%202022-02-01%20164119.png)

**Description:**

The Accounting-Journal-Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking, the parameter `firstname` from manage\_user app is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network - external domains. He can send the already stolen cookie-session-id - PHPSESSID to other malicious users and then they can attack brutally this system, it depends on the scenarios.

Status: Medium

**Reproduce:**

href

**Proof and Exploit:**

href

Headline

CVE-2022-24582: CVE-nu11secur1ty/vendors/oretnom23/2022/Accounting-Journal-Management at main · nu11secur1ty/CVE-nu11secur1ty

CVE: Latest News