CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

**Stored XSS exists in version 1.6.3, which can lead to stealing sensitive information of logged-in users**

A bug was found. stored xss vulnerability exists.  
Only test in the test environment, do not do any illegal operations, now the bug feedback to the manufacturer.  
Software Link :https://github.com/weng-xianhu/eyoucms  
Website : http://www.eyoucms.com/

**Insert the poc into the custom variables module of the background system**  
**Here you can fill in malicious JavaScript code to cause stored xss**

  

**Causes stored XSS to steal sensitive information of logged-in users**  

Poc:<img src=a onerror=alert(1)>

CVE-2023-37132: Stored XSS exists in version 1.6.3, which can lead to stealing sensitive information of logged-in users · Issue #45 · weng-xianhu/eyoucms

Headline

CVE-2023-37132: Stored XSS exists in version 1.6.3, which can lead to stealing sensitive information of logged-in users · Issue #45 · weng-xianhu/eyoucms

CVE: Latest News