Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

City Variety LMS 2.2 Cross Site Scripting

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#pdf#auth#ruby#firefox
CVE-2023-23548: Fix XSS in business intelligence

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.

GHSA-4q66-g4mm-8rg5: Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting `silverstripe/admin`. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in `silverstripe/admin`. Silverstripe CMS 5 is not affected by those vulnerabilities because it uses TinyMCE 6. You can find more information about the underlying vulnerabilities in those GitHub security advisories: - [GHSA-5h9g-x5rv-25wg Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-5h9g-x5rv-25wg) - [GHSA-w7jx-j77m-wp65 Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-w7jx-j77m-wp65)

Joomla iProperty Real Estate 4.1.1 Cross Site Scripting

Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross site scripting vulnerability.

Copyparty 1.8.6 Cross Site Scripting

Copyparty version 1.8.6 suffers from a cross site scripting vulnerability.

CMSninesol 1.0 Cross Site Scripting

CMSninesol version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-35792: CVE-2023-35792 - Excellium Services

Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).

CVE-2023-38305: Webmin-2.021/CVE-2023-38305 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.

CVE-2023-38304: Webmin-2.021/CVE-2023-38304 at main · jaysharma786/Webmin-2.021

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.