CVE-2022-48118: There may be XSS hidden dangers here · Issue #379 · bbalet/jorani

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.

Github issue tracker is used for bug only.
For general questions and requests, please join the Google group

Don’t hesitate to provide screenshots.

What is the version of Jorani?

v1.0

Expected behavior

Acronym is just a normal form parameter, but if I modify the length of that column in the database, I can input a longer XSS payload.

Actual behavior

And the next time I look at the page, an XSS vulnerability pops up.

Steps to reproduce the behavior

Details can be seen in the following docx.
jorani.docx
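
The report above shows the database column length was the only thing limiting what the Acronym field could store. The following is an added example, not code from Jorani or from the issue: it validates the value in the application and HTML-encodes it at output time. The function names, the 10-character limit and the allowed character set are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical rule for an acronym field (not taken from Jorani):
// 1 to 10 letters, digits, spaces, dots, underscores or hyphens.
const ACRONYM_PATTERN = '/^[\p{L}\p{N} ._-]{1,10}\z/u';

/**
 * Validate in the application, so the rule still holds if the
 * database column is later widened. Returns null when rejected.
 */
function validateAcronym(string $raw): ?string
{
    $value = trim($raw);
    return preg_match(ACRONYM_PATTERN, $value) === 1 ? $value : null;
}

/** Encode for an HTML text or quoted-attribute context at output time. */
function renderAcronym(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values, including markup a widened column could hold.
$samples = ['HR', 'R&D', '<b>Quality Assurance Dept</b>'];

foreach ($samples as $input) {
    $accepted = validateAcronym($input);
    printf(
        "input=%s accepted=%s rendered=%s\n",
        var_export($input, true),
        var_export($accepted !== null, true),
        // Rows stored before validation existed are still encoded on output.
        renderAcronym($input)
    );
}
```

Output encoding is the control that matters for values already in the database; the validation step only keeps new markup from being stored.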
