CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.

Software Link:https://github.com/WBCE/WBCE\_CMS

Version: v1.5.4

Describe：WBCE CMS 1.5.4i s vulnerable to Cross Site Scripting (XSS) via /search/index.php search\_no\_results parameters.

**

Steps to reproduce:

**

Select show advance options in Settings.

Add payload to no results in search settings:<sCRiPt>alert(123456);</sCrIpT>

When the query fails to find results, an xss pop-up window will be formed.

Headline

CVE-2022-45036: WBCE CMS v1.5.4 is vulnerable to XSS via /search/index.php

CVE: Latest News