CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed).

\[Suggested description\]  
Cross SIte Scripting (XSS) vulnerability exists in catfish - <=6.3.0. via  
a Google search inurl:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html  
file on the website that uses this editor (the file suffix is allowed).

\[Vulnerability Type\]  
Cross Site Scripting (XSS)

\[Vendor of Product\]  
https://github.com/xwlrbh/Catfish

\[Affected Product Code Base\]  
catfish - <=6.3.0.

\[Affected Component\]  
POST /catfishcms/index.php/admin/Index/addmenu.html HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0  
...  
zidingyi=your xss url

\[Attack Type\]  
Remote

\[Impact Code execution\]  
true  
![image](https://user-images.githubusercontent.com/67416400/145699069-7fa2b0c7-ba44-4939-a38d-d8b758f9df98.png)  
![image](https://user-images.githubusercontent.com/67416400/145699078-3833b584-0a84-4943-b0ca-a61656361e9e.png)

![image](https://user-images.githubusercontent.com/67416400/145699048-41079f88-2c91-4ce8-9c7d-185cbf0498f7.png)

Headline

CVE-2021-45018: There is a stored xss vulnerability exists in catfish - <=6.3.0. · Issue #9 · xwlrbh/Catfish

CVE: Latest News