#xss

API Security Trends 2023 – Have Organizations Improved their Security Posture?

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on

1 year ago

The Hacker News

Open in Source

#xss #vulnerability #web #ios #intel #perl #auth #zero_day #ssl #The Hacker News

CVE-2023-4097: Multiple Vulnerabilities Idm Sistemas Qsige | INCIBE-CERT

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.

1 year ago

CVE

Open in Source

#sql #xss #vulnerability #web #intel

CVE-2023-5334: WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #intel #perl #auth

CVE-2023-44012: Vulnerability-Disclosures/2023/CVE-2023-44012 at main · Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.

1 year ago

CVE

Open in Source

#xss #vulnerability #js #git

CVE-2023-43267: CVE-2023-43267

A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.

1 year ago

CVE

Open in Source

#xss #vulnerability #web

CVE-2023-41580: GitHub - ehtec/phpipam-exploit

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.

1 year ago

CVE

Open in Source

#sql #xss #vulnerability #dos #git #java #php #ldap #auth

CVE-2023-44265: WordPress Popup contact form plugin <= 7.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #auth

CVE-2023-44264: WordPress The Awesome Feed – Custom Feed plugin <= 2.2.5 - Cross Site Scripting (XSS) - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.