CVE-2021-41502: [XSS!!]When modifying a written blog, you can modify the name of the uploaded picture to cause a stored XSS vulnerability · Issue #885 · intelliants/subrion

An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute.


Affected pages: xxxxx/blog/

Execute malicious JavaScript code by modifying the name of the uploaded image to close the HTML tag or add the onerror attribute.
Detailed steps:
After publishing a blog with uploaded pictures, click "Edit Blog Entry" to enter the modification page, open Burp Suite and then directly click "save"; modify the content of image[file] in the request packet in Burp Suite to the attack code.
Payload: "onerror="alert(/xss/)

Any member browsing the blog page:
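The flaw described above is an attribute-context injection: the stored filename is interpolated into an img tag's src attribute without escaping, so a quote in the name closes the attribute and the rest becomes a new onerror attribute. The following added example (not Subrion's code) contrasts that unescaped template with one that escapes the value for an attribute context and adds an allowlist check on upload names; the helper names, the /uploads/ path and the allowlist policy are constructed for illustration, and an HTML parser is used to show which attributes each rendering actually yields.

```python
import html
import re
from html.parser import HTMLParser

# Constructed from the issue report: a filename that closes the src attribute
# and smuggles in an onerror handler when interpolated unescaped.
MALICIOUS_NAME = '"onerror="alert(/xss/)'

# Allowlist for stored upload names (hypothetical policy, not Subrion's own):
# a short run of safe characters plus a known image extension.
UPLOAD_NAME_RE = re.compile(r'[A-Za-z0-9_-]{1,64}\.(?:png|jpe?g|gif|webp)')


def is_safe_upload_name(name: str) -> bool:
    """Reject anything outside the conservative character set and extension list."""
    return UPLOAD_NAME_RE.fullmatch(name) is not None


def render_img_vulnerable(name: str) -> str:
    """Naive template: the filename lands in the attribute without escaping."""
    return f'<img src="/uploads/{name}">'


def render_img_hardened(name: str) -> str:
    """Escape for an attribute context; quote=True turns '"' into &quot;."""
    return f'<img src="/uploads/{html.escape(name, quote=True)}">'


class _ImgAttrs(HTMLParser):
    """Collect the attributes the parser assigns to the first <img> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "img" and not self.attrs:
            self.attrs = dict(attrs)


def img_attributes(markup: str) -> dict:
    """Parse markup and return the attribute map the <img> tag ends up with."""
    parser = _ImgAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    print(img_attributes(render_img_vulnerable(MALICIOUS_NAME)))  # gains onerror
    print(img_attributes(render_img_hardened(MALICIOUS_NAME)))    # src only
```

Escaping handles the rendering side; the allowlist check belongs at upload and at the edit endpoint, since the report shows the name is changed after the original upload.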
