Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-46026: phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46026-PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0-Stored-Cross-Site-Scripting-Vulnerability.md at main · ersinerenl

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.

CVE
Open in Source
#xss#vulnerability#git#php
CVE-2023-47545: WordPress Forms for Mailchimp by Optin Cat plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions.

CVE-2023-47546: WordPress OneClick Chat to Order plugin <= 1.0.4.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions.

CVE-2023-47547: WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.

CVE-2023-47549: WordPress EazyDocs plugin <= 2.3.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions.

CVE-2023-47533: WordPress Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.

CVE-2023-47544: WordPress Atarim plugin <= 3.12 - Unauthenticated Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions.

GHSA-mm79-jhqm-9j54: Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer

> ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.3 or 2.1.4 that fix the problem described. ### Credits Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2023-007](https://typo3.org/security/advisory/typo3-core-sa-2023-007) * [Disclosure & PoC](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-652v-xw37-rvw7) (embargoed +90 days)

CVE-2023-47125: By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-47550: WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.