#xss

CVE-2023-37499: Knowledge Article View HCL - Customer Support

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform.  An attacker could hijack a user's session and perform other attacks.

CVE-2023-37500: Knowledge Article View HCL - Customer Support

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform.  An attacker could hijack a user's session and perform other attacks.

CVE-2023-20218: Cisco Security Advisory: Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities

A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability.

CVE-2023-36217: Release XOOPS Version 2.5.10 Final · XOOPS/XoopsCore25

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.

CVE-2023-4145: Fix Xss in the segment name (#490) · pimcore/customer-data-framework@72f45dd

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.

GHSA-735f-w79p-282x: pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name

### Impact

Because HTML injection works in email, an attacker can trick a victim into clicking such hyperlinks to redirect them to any malicious site, and can also host an XSS page. All of this will surely cause some damage to the victim. This could lead to users being tricked into giving their logins away to malicious attackers.

### Patches

Update to version 3.4.2 or apply this patch manually: https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch

### Workarounds

Apply https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch manually.

### References

https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0/

CVE-2023-39096: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39096 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.

CVE-2023-39097: WebBoss.io CMS Persistent (Stored) XSS CVE-2023-39097 | RiSec Advisories

WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.

CVE-2023-36299: Release v1.2.1 · typecho/typecho

A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.

CVE-2023-4136: Security Advisories — CrafterCMS 4.0.7 documentation

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.