Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-50100: cms/There is a storage type XSS for carousel image editing.md at master · Jarvis-616/cms

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

CVE
Open in Source
#xss#vulnerability#git
CVE-2023-50101: cms/Label management editing with stored XSS.md at master · Jarvis-616/cms

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.

GHSA-gqrq-j6pm-98c2: External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting as CSV.

CVE-2023-50011: PopojiCMS 2.0.1 Remote Command Execution ≈ Packet Storm

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

CVE-2023-50563: Cms_Vuls_test/Semcms/Semcms_Sql_Inject.md at main · SecBridge/Cms_Vuls_test

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

CVE-2023-50564: Cms_Vuls_test/Pluckcms/Pluck_v4.7.18_Any_File_Upload_Getshell.md at main · SecBridge/Cms_Vuls_test

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.

CVE-2023-50565: Multiple stored XSS vulnerabilities in rpcms 3.5.5 · Issue #7 · ralap-z/rpcms

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-6572: Source repository compromise via github actions workflow in gradio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main.

InsideBitcoins Review – Best Platform To Catch Up on Crypto News?

By Owais Sultan The volatile state the crypto market is in has made it a requirement for investors and traders to… This is a post from HackRead.com Read the original post: InsideBitcoins Review – Best Platform To Catch Up on Crypto News?