CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php.

**event-management-1.0****Description:**

The system Event-management v1.0 is vulnerable to XSS-Reflected PHPSESSID hijacking. The parameter full\_name from register.php is not sanitizing correctly, the attacker can take a `PHPSESSID` and he can use it to manipulate an already created login session of the system.

**In action:**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/PuneethReddyHC/event-management-1.0/Docs/Screenshot%202022-02-12%20083153.png)

**Vulnerable parameter:**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/PuneethReddyHC/event-management-1.0/Docs/Screenshot%202022-02-12%20084304-XSS-Reflected-parameter.png)

Headline

CVE-2022-25114: CVE-nu11secur1ty/vendors/PuneethReddyHC/event-management-1.0 at main · nu11secur1ty/CVE-nu11secur1ty

CVE: Latest News