CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.

Vulnerabilty found in HTMLy v2.8.1 by "HAXSS" a Reinforcement Learning Agent for Cross Site Scripting (XSS) testing.

**Description:**

A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.

**Known Payloads:**

*   "</span>< body onmouseover=alert(1805427201)></body>

**Steps to Reproduce:**

1\. Log into the admin pannel ('/login').

2\. Use the dashboard to navigate to the config page ('/admin/config')

3\. Edit the "Copyright" field on the page to a malicious payload

![](http://rlsec.xyz/vulns/images/htmly_4.png)

![](http://rlsec.xyz/vulns/images/htmly_5.png)

4\. Save the settings

5\. Navigate to the home page '/' and the vulnerability is shown

![](http://rlsec.xyz/vulns/images/htmly_6.png)

Headline

CVE-2021-42946: CVE-2021-42946: HTMLy 2.8.1 XSS vulnerability

CVE: Latest News