Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-22864: XSS of froala wysiwyg editor

A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.

CVE
#xss#vulnerability#web

Related news

CVE-2021-25978: sanitize SVG uploads, including previous uploads · apostrophecms/apostrophe@c8b94ee

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.

CVE-2020-24000: There is SQL injection in your source code · Issue #13 · eyoucms/eyoucms

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

CVE-2021-41746: SQL injection · Issue #1 · purple-WL/Yonyou-TurboCRM-SQL-injection

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.

CVE-2021-33988: Microweber CMS(1.2.7) Reflected XSS · Issue #2 · nck0099/osTicket

Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.

CVE-2021-42333: TWCERT/CC台灣電腦網路危機處理暨協調中心-驊鉅數位科技 Easytest線上學習測驗平台 - SQL Injection-1

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.

CVE-2021-42334: TWCERT/CC台灣電腦網路危機處理暨協調中心-驊鉅數位科技 Easytest線上學習測驗平台 - SQL Injection-2

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.

CVE-2021-42227: There is a stored xss vulnerability in kindeditor - 4.1.* · Issue #336 · kindsoft/kindeditor

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).

CVE-2021-38822: IceHrm Vulnerabilities | Navid Kagalwalla

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

CVE-2020-20781: The title, key words, description and content of the article are all stored XSS. · Issue #1 · forget-code/ucms

A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields.

CVE-2021-30086: GitHub - kindsoft/kindeditor: WYSIWYG HTML editor

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.

CVE-2020-21081: There are CSRF and XSS vulnerabilities in the background, which can be combined to steal user cookies and administrator cookies · Issue #2 · magicblack/maccms8

A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

CVE-2012-6555: About Secunia Research | Flexera

Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907