
Tag

#xss

CVE-2022-26645: CVE/CVE-2022-26645 at main · erik-451/CVE

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.

CVE-2022-26644: CVE/CVE-2022-26644 at main · erik-451/CVE

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.

CVE-2022-24135: Search function Cross Site Script(XSS) Vulnerability · Issue #17 · 78778443/QingScan

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.

CVE-2022-28223: Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

CVE-2021-44310

An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.

CVE-2022-23801: Joomla! Developer Network

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media.

CVE-2022-23800: Joomla! Developer Network

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.

CVE-2022-23796: Joomla! Developer Network

An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.

CVE-2022-23136: Security Bulletin Details

There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.

CVE-2021-23850: Multiple vulnerabilities in Bosch IP cameras

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.