CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.

XSS vulnerability exists in douphp background adding articles.

Official demo site, administrator login. https://demo.douphp.com/admin/login.php

Source download address. https://down.douphp.com/DouPHP\_1.6\_Release\_20220121.zip

Log in to the background and add articles. ![image](https://github.com/zpxlz/douphp/raw/gh-pages/1.png)

Insert XSS code at the article name,Submit.

<script>alert(document.cookie)</script>

![image](https://github.com/zpxlz/douphp/raw/gh-pages/2.png)

Cookie pops up in the background. ![image](https://github.com/zpxlz/douphp/raw/gh-pages/3.png)

The foreground will also trigger vulnerabilities. ![image](https://github.com/zpxlz/douphp/raw/gh-pages/4.png)

Headline

CVE-2022-24131: GitHub - zpxlz/douphp: douphp

CVE: Latest News