Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-44629: WordPress Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-38347: XSS in Benno MailArchiv Web-App (benno-rest-lib – Sebastian's Blog

An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.

CVE-2023-39008: LogicalTrust - [EN] A-Z: OPNsense - Penetration Test

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.

CVE-2023-39000: System:Logging - Sanitize user input. An alfanum filter might be poss… · opnsense/core@d1f350c

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.

PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery

PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.

Lucee 5.4.2.17 Cross Site Scripting

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

DevSoft Arge Bilişim CMS 1.0.0 Cross Site Scripting

DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.

Desenvolvido Buscazip Guiaking CMS 1.0 Cross Site Scripting

Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.