Tag

#xss

CVE-2023-43657: Improper escaping of encrypted topic titles can lead to XSS under non-default site configuration

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.

GHSA-2g8p-j2r6-vqpj: October Cross-site Scripting vulnerability

A Cross-Site Scripting (XSS) vulnerability in the installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

GHSA-7vff-rv2f-cj79: Subrion CMS Cross-site Scripting vulnerability

A Cross-site scripting (XSS) vulnerability in the Reference ID field of the Transactions panel of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter.

CVE-2023-43879: GitHub - sromanhu/RiteCMS-Stored-XSS---GlobalContent: About RiteCMS 3.0 is affected by a Multiple Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted

Rite CMS 3.0 has a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload injected into the Global Content Blocks in the Administration Menu.

CVE-2023-43878: RiteCMS-Stored-XSS---MainMenu/README.md at main · sromanhu/RiteCMS-Stored-XSS---MainMenu

Rite CMS 3.0 has multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload injected into the Main Menu Items in the Administration Menu.

CVE-2023-43876: October-CMS-Reflected-XSS---Installation/README.md at main · sromanhu/October-CMS-Reflected-XSS---Installation

A Cross-Site Scripting (XSS) vulnerability in the installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

CVE-2023-43884: GitHub - dpuenteramirez/XSS-ReferenceID-Subrion_4.2.1

A Cross-site scripting (XSS) vulnerability in the Reference ID field of the Transactions panel of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter.

CVE-2023-43874: e107-CMS-Stored-XSS---MetaCustomTags/README.md at main · sromanhu/e107-CMS-Stored-XSS---MetaCustomTags

Multiple Cross Site Scripting (XSS) vulnerabilities in e107 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.

CVE-2023-43873: e107-CMS-Stored-XSS---Manage/README.md at main · sromanhu/e107-CMS-Stored-XSS---Manage

A Cross Site Scripting (XSS) vulnerability in e107 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu.