
CVE-2021-42946: HTMLy 2.8.1 XSS vulnerability


Vulnerability found in HTMLy v2.8.1 by “HAXSS”, a Reinforcement Learning Agent for Cross Site Scripting (XSS) testing.

Description:

A Cross Site Scripting (XSS) vulnerability exists in HTMLy 2.8.1 via the Copyright field on the /admin/config page.

Known Payloads:

  • "</span>< body onmouseover=alert(1805427201)></body>

Steps to Reproduce:

1. Log into the admin panel (‘/login’).

2. Use the dashboard to navigate to the config page (‘/admin/config’).

3. Edit the “Copyright” field on the page to a malicious payload.

4. Save the settings.

5. Navigate to the home page (‘/’), where the vulnerability is shown.
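The steps above describe a stored value that is saved on one page and rendered on another, so the fix belongs at output time. The following is an added example, not HTMLy's own code: the function names and the `<span class="copyright">` wrapper are assumptions made for illustration, and the sample value is the payload listed on this page.

```php
<?php
// Added example: hypothetical footer rendering, not HTMLy's own code.
// Assumption: the saved "Copyright" setting is printed inside a <span>.

// Vulnerable pattern: the stored setting is concatenated into markup as-is,
// so a value beginning with "</span> closes the wrapper and the remainder
// reaches the browser's HTML parser as markup instead of text.
function render_footer_unsafe(string $copyright): string
{
    return '<span class="copyright">' . $copyright . '</span>';
}

// Hardened pattern: encode for the HTML text context at output time.
// ENT_QUOTES also covers the case where the value lands in an attribute.
function render_footer_safe(string $copyright): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<span class="copyright">'
        . htmlspecialchars($copyright, $flags, 'UTF-8')
        . '</span>';
}

// Regression check: the setting must contribute no markup-significant
// characters. Strips the known wrapper, then looks for any raw <, >, " or '.
function setting_is_inert(string $html): bool
{
    $prefix = '<span class="copyright">';
    $suffix = '</span>';
    if (substr($html, 0, strlen($prefix)) !== $prefix
        || substr($html, -strlen($suffix)) !== $suffix) {
        return false;
    }
    $inner = (string) substr($html, strlen($prefix), -strlen($suffix));
    return strpbrk($inner, '<>"\'') === false;
}

// Constructed sample: the payload listed on this page as the saved value.
$copyright = '"</span>< body onmouseover=alert(1805427201)></body>';

foreach (['render_footer_unsafe', 'render_footer_safe'] as $render) {
    $html = $render($copyright);
    printf("%-21s inert=%s\n  %s\n", $render,
        setting_is_inert($html) ? 'yes' : 'no', $html);
}
```

If the field has to accept some markup (a link, for instance), encoding alone is too strict and an allow-list HTML sanitizer is needed instead. PHP's `strip_tags()` with an allowed-tags list is not one, because it leaves attributes such as `onmouseover` on the tags it keeps.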
