Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-40657: JoomDOC - Joomla! Extension Directory

A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.

CVE
Open in Source
#xss#vulnerability
CVE-2023-40627: LivingWord - Joomla! Extension Directory

A reflected XSS vulnerability was discovered in the LivingWord component for Joomla.

CVE-2023-31546: CVE-2023-31546/CVE-2023-31546.md at main · ran9ege/CVE-2023-31546

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.

CVE-2023-41618: wuhaozhe-s-CVE/CVE-2023-41618 at main · GhostBalladw/wuhaozhe-s-CVE

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.

CVE-2023-41621: wuhaozhe-s-CVE/CVE-2023-41621 at main · GhostBalladw/wuhaozhe-s-CVE

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.

CVE-2023-47623: GHSL-2023-218_GHSL-2023-219: Cross-Site Scripting (XSS) in scrypted

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.

GHSA-3m87-5598-2v4f: Prometheus XSS Vulnerability

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

CVE-2023-49296: Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.

CVE-2023-6774

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /accounts_con/register_account. The manipulation of the argument Username with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247910 is the identifier assigned to this vulnerability.

CVE-2023-6789: CVE-2023-6789 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.