Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-21081: There are CSRF and XSS vulnerabilities in the background, which can be combined to steal user cookies and administrator cookies · Issue #2 · magicblack/maccms8

A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

CVE

Related news

CVE-2021-35488: Vulnerability Research & Advisor

Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.

CVE-2021-35489: Vulnerability Research & Advisor

Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.

CVE-2021-25978: sanitize SVG uploads, including previous uploads · apostrophecms/apostrophe@c8b94ee

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.

CVE-2020-22864: XSS of froala wysiwyg editor

A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.

CVE-2021-33988: Microweber CMS(1.2.7) Reflected XSS · Issue #2 · nck0099/osTicket

Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.

CVE-2021-42227: There is a stored xss vulnerability in kindeditor - 4.1.* · Issue #336 · kindsoft/kindeditor

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

CVE-2021-42228: There is a csrf vulnerability in kindeditor - 4.1.* · Issue #337 · kindsoft/kindeditor

A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.

CVE-2021-38822: IceHrm Vulnerabilities | Navid Kagalwalla

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

CVE-2021-30086: GitHub - kindsoft/kindeditor: WYSIWYG HTML editor

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

CVE-2020-21082: There are CSRF and XSS vulnerabilities in the background, which can be combined to steal user cookies and administrator cookies · Issue #2 · magicblack/maccms8

A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.

CVE-2021-36741: Q&A | Trend Micro Business Support

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907