CVE-2022-35137: CVE-ID: CVE-2022-35137

CVE-ID: CVE-2022-35137

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. The platform does not output-encode JavaScript payloads such as <script>alert(document.cookie)</script>. These are instances of stored XSS that can be abused to steal admin user cookies.

References:

https://owasp.org/www-community/attacks/xss/
