Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CMSshop 1 Cross Site Scripting

CMSshop version 1 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ssh#ruby#firefox
Copyparty 1.8.6 Cross Site Scripting

Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.

CMSninesol 1.0 Cross Site Scripting

CMSninesol version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-35792: CVE-2023-35792 - Excellium Services

Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).

CVE-2023-38303: Webmin-2.021/CVE-2023-38303 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.

CVE-2023-38307: Webmin-2.021/CVE-2023-38307 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.

CVE-2023-38308: Webmin-2.021/CVE-2023-38308 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.

CVE-2023-38306: Webmin-2.021/CVE-2023-38306 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.

CVE-2023-38309: Webmin-2.021/CVE-2023-38309 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.

CVE-2023-38305: Webmin-2.021/CVE-2023-38305 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.