Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-5303

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.

CVE
Open in Source
#xss#vulnerability#php
CVE-2023-5302

A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability.

GHSA-58v7-58c2-qwm9: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-j5ww-5xf4-hqm2: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-pp4w-g5p4-85p2: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

GHSA-5jwv-m8h3-69cg: phpMyFaq Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5295: user-file.php in facebook-comment-by-vivacity/tags/1.4 – WordPress Plugin Repository

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-43706: Os Commerce - Cross Site Scripting Reflected (XSS) | Advisories | Fluid Attacks

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

CVE-2023-5316: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@332d2e4

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

CVE-2023-5319: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.