Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-44948: Stored Cross Site Scripting Vulnerability on "Entities groups" in rukovoditel 3.2.1 · Issue #8 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".

CVE
Open in Source
#xss#vulnerability#web#php#auth

Version: 3.2.1****Description

An authenticated malicious user can take advantage of a Stored XSS vulnerability in the “Entities groups” feature.

Proof of Concept******Step 1: Go to "/index.php?module=entities/entities_groups", click “Add” and insert payload “<img src=1 onerror=’alert(document.coookie)'/>” in Name field.**********Step 2:** Alert XSS Message********Impact**

If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE