Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-38310: Webmin-2.021/CVE-2023-38310 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.

CVE
Open in Source
#xss#vulnerability#web#git
CVE-2023-38311: Webmin-2.021/CVE-2023-38311 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.

CVE-2023-38304: Webmin-2.021/CVE-2023-38304 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.

CVE-2021-31651: neofarg has a stored XSS vulnerability · Issue #92 · NeoFrag/NeoFrag

Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings.

CVE-2023-34872: OutlineItem::open: Fix crash on malformed files (591235c8) · Commits · poppler / poppler · GitLab

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that

GHSA-q9vm-29ph-p7mp: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

GHSA-2xvx-368h-qcmv: phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

Compromised Barracuda appliances equipped with persistent backdoors by attackers

Categories: Exploits and vulnerabilities Categories: News Tags: Barracuda Tags: ESG Tags: CVE-2023-2868 Tags: SUBMARINE Tags: SEASPY Tags: shell CISA has released three reports based on the analysis of backdoors planted on compromised Barracuda ESG appliances (Read more...) The post Compromised Barracuda appliances equipped with persistent backdoors by attackers appeared first on Malwarebytes Labs.

CVE-2023-4007: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@40eb968

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.