Security Headlines (tag: #webkit)

CVE-2023-48881: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #53 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.

CVE-2023-48880: EyouCMS-V1.6.4-UTF8-SP1 has a vulnerability, Stored Cross-Site Scripting · Issue #52 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

Ubuntu Security Notice USN-6490-1

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection

FireBear Improved Import and Export version 3.8.6 for Magento 2.4.6 suffers from an XSLT server-side injection vulnerability that allows for command execution.

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

CVE-2022-45781: Tenda AX1803 Buffer Overflow vulnerability - XFALLEN

Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.

CVE-2023-45880: usd-2023-0022 - usd HeroLab

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.

CVE-2023-45881: usd-2023-0024 - usd HeroLab

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response.

CVE-2023-45879: usd-2023-0019 - usd HeroLab

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.