Tag
#xss
City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting `silverstripe/admin`. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in `silverstripe/admin`. Silverstripe CMS 5 is not affected by those vulnerabilities because it uses TinyMCE 6. You can find more information about the underlying vulnerabilities in those GitHub security advisories: - [GHSA-5h9g-x5rv-25wg Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-5h9g-x5rv-25wg) - [GHSA-w7jx-j77m-wp65 Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-w7jx-j77m-wp65)
Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross site scripting vulnerability.
CMSshop version 1 suffers from a cross site scripting vulnerability.
Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.
CMSninesol version 1.0 suffers from a cross site scripting vulnerability.
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.