
CVE-2020-20697: There is a critical vulnerability in NodCMS · Issue #41 · khodakhah/nodcms

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.


I found a serious vulnerability in NodCMS.
If anyone can log in to the backend, he can insert XSS code to execute; it would cause information disclosure, stolen accounts, etc.
When logged in to the backend, click Settings, then modify the content in the Address textarea into JavaScript code:

and submit it.
Like this:

Then this string will be stored in the database.
When someone browses this website in the frontend, this string of code will be executed.
Example like this:

This is a stored XSS vulnerability; please be kindly notified.
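
One way to handle a multi-line Address setting safely, as an added example (not NodCMS code and not from the issue author): encode the stored value when it is rendered, and reject markup when it is saved. The function names, length limit and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names and samples are hypothetical, not NodCMS code.

/**
 * Render a plain-text, multi-line address inside an HTML body context.
 * Escape first, then convert newlines to <br>. Doing it in the other order
 * would escape the <br> tags, which is a common reason templates end up
 * echoing the stored value raw.
 */
function render_address(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($escaped, false);
}

/**
 * Save-time validation for the address setting. This is defence in depth:
 * values stored before the check existed are still in the database, so the
 * output encoding in render_address() remains the actual fix.
 */
function validate_address(string $input): array
{
    $errors = [];
    if (strlen($input) > 500) {                      // assumed limit
        $errors[] = 'address is too long';
    }
    if (preg_match('/[<>]/', $input)) {
        $errors[] = 'address must not contain < or >';
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $input)) {
        $errors[] = 'address contains control characters';
    }
    return $errors;
}

// Constructed sample values: one legitimate address, one markup string.
$samples = [
    "12 Example Street\nSpringfield",
    "<script>/* constructed test string */</script>",
];

foreach ($samples as $value) {
    echo 'errors: ', json_encode(validate_address($value)), "\n";
    echo 'html:   ', render_address($value), "\n\n";
}
```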

Related news

GHSA-7xqx-xwg9-jx34: NodCMS Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows an attacker with administrative privileges to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.
