Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

ImgHosting 1.2 Cross Site Scripting

ImgHosting version 1.2 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
The Weird, Big-Money World of Cybercrime Writing Contests

The competitions, which are held on Russian-language cybercrime forums, offer prize money of up to $80,000 for the winners.

​PTC Codebeamer

1. EXECUTIVE SUMMARY ​CVSS v3 8.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: PTC ​Equipment: Codebeamer ​Vulnerability: Cross site scripting 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which could be executed in the victim's browser upon clicking on a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of PTC Codebeamer, Application Lifecycle Management (ALM) platform for product and software development, are affected: ​Codebeamer: v22.10-SP6 or lower ​Codebeamer: v22.04-SP2 or lower ​Codebeamer: v21.09-SP13 or lower 3.2 VULNERABILITY OVERVIEW 3.2.1 CROSS-SITE SCRIPTING CWE-79 ​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. ​CVE-2023-4296 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has ...

CVE-2023-40170: cross-site inclusion (XSSI) of files

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.

CVE-2023-38969: Badaso version 2.9.7 has an XSS vulnerability in add books

Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.

CVE-2023-39578: Zenaio-xss · Issue #1 · anh91/Zenario-xss

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.

GHSA-99fg-2h75-m92h: Spipu HTML2PDF vulnerable to cross-site scripting

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.

CVE-2023-39062: GitHub - afine-com/CVE-2023-39062: Spipu Html2Pdf < 5.2.8 - XSS vulnerabilities in example files

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.

CVE-2020-27366: CVE-2020-27366 - Pastebin.com

Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a cross site scripting vulnerability.