Tag

#xss

CVE-2023-48736: Patch for CIccCLUT::Interp2d and Interp3d in IccTagLut.cpp by xsscx · Pull Request #58 · InternationalColorConsortium/DemoIccMAX

In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.

GHSA-5phw-6g3r-55xx: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.

GHSA-hhcf-79pm-r8r9: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field.

GHSA-96q4-7fwr-gmxh: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.

GHSA-chj5-8wxj-rxg8: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field.

GHSA-qjmx-q5m4-xqf5: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Milestone Name Field.

GHSA-3g79-j8hq-r4xv: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field.

GHSA-mfp5-vh58-3j3r: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.

GHSA-gx82-jm5q-gfw2: Cross-site Scripting in OpenCRX

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Name Field.

CVE-2023-44796: Fixed issue [security] #19099: XSS vulnerability caused by themeOptions/importManifest by Shnoulle · Pull Request #3483 · LimeSurvey/LimeSurvey

Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.