CVE-2023-47096: Virtualmin-7.7/CVE-2023-47096 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.

CVE-2023-47095: Virtualmin-7.7/CVE-2023-47095 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.

CVE-2023-47094: Virtualmin-7.7/CVE-2023-47094 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.

CVE-2023-47098: Virtualmin-7.7/CVE-2023-47098 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.

CVE-2023-47099: Virtualmin-7.7/CVE-2023-47099 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.

CVE-2023-47097: Virtualmin-7.7/CVE-2023-47097 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.

CVE-2023-46278: Notice regarding vulnerabilities in Cybozu Remote Service 4 | Announcements from Cybozu

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.

CVE-2023-39695: Vulns/Insufficient Session Expiration - Elenos.md at 35fe4fb3d5945b5df2a87aab0cf9ec6137bcf976 · strik3r0x1/Vulns

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.

CVE-2023-37833: Vulns/BAC leads to access Traps configurations.md at main · strik3r0x1/Vulns

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are accessible only to privileged users.

CVE-2023-46378: Minicms1.1.1 Exists storage xss

Stored Cross-Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via a crafted string appended to /mc-admin/conf.php.