Headline
CVE-2023-37133: The "Column management" module of eyoucms1.6.3 has a storage XSS vulnerability · Issue #46 · weng-xianhu/eyoucms
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
The “Column management” module of eyoucms1.6.3 has a storage XSS vulnerability
A bug was found. A stored XSS vulnerability exists.
Only test in a test environment and do not perform any illegal operations. The bug is now being reported to the manufacturer.
Software Link: https://github.com/weng-xianhu/eyoucms
Website: http://www.eyoucms.com/
Insert the PoC into the “Column management” module of the background system.
Here you can fill in malicious JavaScript code to cause stored XSS.
Causes stored XSS to steal sensitive information of logged-in users
PoC: <svg/onload=alert("xss")>
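The report describes a stored value being rendered back into an admin page without encoding. The following is an added example, not code from eyoucms or from the issue: it contrasts unescaped rendering of a stored column name with the output-encoded form, and audits already-stored names for markup. The function names and sample rows are hypothetical.

```php
<?php
// Added example: function names and data are hypothetical, not eyoucms code.

// Constructed sample rows standing in for stored column records.
$columns = [
    ['id' => 1, 'name' => 'News'],
    ['id' => 2, 'name' => '<svg/onload=alert("xss")>'],
    ['id' => 3, 'name' => 'R&D <beta>'],
];

// Vulnerable pattern: the stored value is written into HTML as-is,
// so any markup in the name is parsed by the browser.
function render_unsafe(array $col): string
{
    return '<td>' . $col['name'] . '</td>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE avoids an
// empty result when the stored bytes are not valid UTF-8.
function render_safe(array $col): string
{
    $name = htmlspecialchars($col['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $name . '</td>';
}

// Audit helper: flag stored names that contain tag-like markup or an
// inline event-handler attribute, so they can be reviewed after patching.
function find_suspect(array $rows): array
{
    $pattern = '~<\s*/?\s*[a-z!][^>]*>|\bon[a-z]+\s*=~i';
    return array_values(array_filter(
        $rows,
        fn(array $r): bool => preg_match($pattern, $r['name']) === 1
    ));
}

foreach ($columns as $col) {
    echo render_safe($col), PHP_EOL;   // markup is shown as text, not parsed
}
foreach (find_suspect($columns) as $hit) {
    echo 'review column id ', $hit['id'], PHP_EOL;
}
```

The audit deliberately over-matches (row 3 is flagged as well as row 2), since its purpose is to queue stored values for manual review rather than to filter input.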