CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php

Vulnerabilty found in Pixelimity by "HAXSS" a Reinforcement Learning Agent for Cross Site Scripting (XSS) testing.

**Description:**

The "Site Description" field of the "pixelimity/admin/setting.php" page of Pixelimity CMS is subject to a Cross Site Scripting (XSS) vulnerability. This allows malicious users to send an authenticated POST HTTP request to inject JavaScript or HTML.

**Known Payloads:**

*   "></input><style onload=alert(2591776654)></style>

**Steps to Reproduce:**

1\. Log into the admin panel ('admin/signin.php').

2\. Use the dashboard to navigate to the config page ('admin/setting.php')

3\. Edit the "Site Description" field on the page to a malicious payload

![](http://rlsec.xyz/vulns/images/pixelimity_1.png)

![](http://rlsec.xyz/vulns/images/pixelimity_2.png)

4\. Save the settings

5\. Vulnerability is shown

![](http://rlsec.xyz/vulns/images/pixelimity_3.png)

Headline

CVE-2021-42866: CVE-2021-42866: Pixelimity 1.0 XSS vulnerability

CVE: Latest News