CVE-2023-41423: There is a stored XSS vulnerability · Issue #316 · terrylinooo/githuber-md

Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.


When I used this plugin to write MD articles, I encountered a stored XSS vulnerability.

Steps to reproduce the behavior:

  1. Enable WP Githuber MD v1.16.2 plugin

  2. Write new articles (via MD editor of this plugin)

  3. Insert the following JS code: (Note that I added Tab spaces!!!)

    </textarea><script>alert('aaa hack');</script>

  4. Publish articles

Additional context

(Note that I added Tab spaces!!!) As an article, it should not take the content of the article as JS code and let the client browser execute it, which is very dangerous and may lead to phishing.

Server environment

  • WordPress version [ 6.3 ]
  • WP Githuber MD plugin version [ 1.16.2 ]
  • PHP version [ 7.4 ]
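The payload in the report begins with a closing `</textarea>` tag, which suggests the article text is being written into the editor's textarea without HTML escaping, so a literal closing tag ends the element and whatever follows is parsed as markup. As an added example (not the plugin's own code, and with invented function names), the following JavaScript shows the raw interpolation beside the escaped version and a small structural check that a reviewer or test suite can apply to the rendered markup:

```javascript
// Escape the characters that have meaning in HTML. Inside a <textarea> the
// critical one is '<' (it can start a closing tag); the others are escaped so
// the same helper is also safe for ordinary text contexts.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[ch]);
}

// Vulnerable pattern (assumed, for illustration): stored article text is
// interpolated into the element body as-is.
function renderTextareaUnsafe(content) {
  return `<textarea name="md">${content}</textarea>`;
}

// Hardened pattern: escape before interpolation. In a WordPress plugin the
// equivalent is to pass the value through esc_textarea() on the PHP side.
function renderTextareaSafe(content) {
  return `<textarea name="md">${escapeHtml(content)}</textarea>`;
}

// Structural check: the element body (between the opening tag and the final
// closing tag) must contain no '<' at all, and the markup must end with
// exactly one closing tag. Any '<' in the body means the stored text could
// have terminated the element early.
function textareaIsIntact(html) {
  const open = html.indexOf(">") + 1;
  const close = html.lastIndexOf("</textarea>");
  if (open <= 0 || close < open) return false;
  if (close + "</textarea>".length !== html.length) return false;
  return !html.slice(open, close).includes("<");
}

// Constructed sample mirroring the reporter's input, including the leading tab.
const REPORT_PAYLOAD = "\t</textarea><script>alert('aaa hack');</script>";
```

Running `textareaIsIntact` over the two renderings of `REPORT_PAYLOAD` shows the unsafe one failing the check and the escaped one passing, with no `<script` sequence left in the output.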
