CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.

**Describe the bug**  
Storage type xss exists in Custom Field Editor in /admin/modules/system/custom\_field.php file. There is no effective defense against the NOTE field, leading to cross-site script attacks.

**To Reproduce**  
Steps to reproduce the behavior:  
Storage type xss exists in Custom Field Editor in /admin/modules/system/custom\_field.php file. There is no effective defense against the NOTE field, leading to cross-site scripting attacks.  
Administrator login "system" add new "field> fill in cross-site scripting in the NOTE field `(example:'"><svg/onload=alert(document.domain)>)`  
It will take effect after saving.

**Expected behavior**  
You can insert js scripts to attack.

**Screenshots**  
![3](https://user-images.githubusercontent.com/18564938/147060823-4a8328b5-9ea5-400a-80d2-48c4a8828895.png)  
![4](https://user-images.githubusercontent.com/18564938/147060883-f5af4b94-3587-4dee-9e94-45415050b3eb.png)

**Desktop :**

*   OS: \[MacBook M1\]
*   Browser \[Chrome\]
*   Version \[96.0.4664.110\]

Headline

CVE-2021-45792: [Security Bug]Stored cross-site script attacks（xss） · Issue #122 · slims/slims9_bulian

CVE: Latest News