Security
Headlines

Headlines Latest CVEs

Headline

GHSA-gm8c-w9cm-c445: Microweber vulnerable to HTML Injection in create tag functionality

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. A patch is available on commit f20abf30a1d9c1426c5fb757ac63998dc5b92bfc and is anticipated to be part of version 1.3.2.

2 years ago

#xss #web #git #java

Microweber vulnerable to HTML Injection in create tag functionality

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Related news

CVE-2022-3245: update · microweber/microweber@f20abf3

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

2 years ago

#xss #web #js #java

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

12 hours ago

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

15 hours ago

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

15 hours ago

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

15 hours ago

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

15 hours ago