CVE-2021-36551: Bypass Cross Site Script Vulnerability on "Calendar" in TikiWiki version 21.4 · Issue #7 · r0ck3t1973/xss_payload

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.

Related news

CVE-2021-36550: Bypass Cross Site Script Vulnerability on "Categories" in TikiWiki version 21.4 · Issue #6 · r0ck3t1973/xss_payload

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.

CVE-2020-25422: Cross Site Script Vulnerability on "Edit Menu" in Mara 7.5 · Issue #2 · r0ck3t1973/xss_payload

A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2020-20131: Stored XSS of PAGE control · Issue #36 · wanglelecc/laracms

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module.

CVE-2020-20129: Stored XSS Vulnerability 1 · Issue #34 · wanglelecc/laracms

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.

CVE-2021-36841: WordPress YITH Maintenance Mode plugin <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.

CVE-2021-36823: Absolutely Glamorous Custom Admin 6.8 stored XSS

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS is possible via unsanitized input fields of the plugin settings; some of the payloads could make the frontend and the backend inaccessible.
