CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.

**Latest commit**

![@Zeyad-Azima](https://avatars.githubusercontent.com/u/62406753?s=48&v=4)

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**Vicidial-stored-XSS (CVE-2021-46557)**

Vicidial is vulnerable to stored cross-site-scripting through the script tab inputs

**Reproduce**

*   go to the vicidial and login
*   then go to /admin.php?ADD=1111111
*   in the script tab add the following javascript: "<scr<script>alert(1)</script>ipt>alert<script>alert(1)</script>(1)</scr<script>alert(1)</script>ipt>"
*   now click save, we were able to bypass the filter then view script
*   As you can see the code executed

**PoC**

![](https://github.com/Zeyad-Azima/Vicidial-stored-XSS/raw/main/Screenshot%202022-01-23%20090638.png)

Headline

CVE-2021-46557: GitHub - Zeyad-Azima/Vicidial-stored-XSS

CVE: Latest News