Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5891: pkp/pkp-lib#9306 Escape context names in form field labels · pkp/pkp-lib@d4111c4

Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE
Open in Source
#xss#git
CVE-2023-5893

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5892

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5899

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5898

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5895

Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-47096: Virtualmin-7.7/CVE-2023-47096 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.

CVE-2023-47095: Virtualmin-7.7/CVE-2023-47095 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.

CVE-2023-47094: Virtualmin-7.7/CVE-2023-47094 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.

CVE-2023-47098: Virtualmin-7.7/CVE-2023-47098 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.