Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2020-22153: Code execution in navigation/upload · Issue #553 · daylightstudio/FUEL-CMS

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.

CVE
Open in Source
#xss#vulnerability#web#php
CVE-2020-22152: XSS in pages · Issue #552 · daylightstudio/FUEL-CMS

Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.

CVE-2023-36223

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.

CVE-2023-36222: bbs-go 存储式跨站脚本漏洞1 · Issue #206 · mlogclub/bbs-go

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.

CVE-2023-36291: Add SECURITY.md · Issue #500 · maxsite/cms

Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.

New Meduza Malware Targets Wallets, Passwords and Browsers on Windows

By Deeba Ahmed Meduza malware is being fiercely marketed across different Telegram channels, cybercrime and dark web forums. This is a post from HackRead.com Read the original post: New Meduza Malware Targets Wallets, Passwords and Browsers on Windows

CVE-2023-36816: XSS at Account creation

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3.

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service (CaaS) ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a singular objective: comprehensive data theft," Uptycs said in a new report. "It pilfers users' browsing

Alkacon OpenCMS 15.0 Cross Site Scripting

Alkacon OpenCMS version 15.0 suffers from a cross site scripting vulnerability.

Inout Search Engine AI Edition 1.1 Cross Site Scripting

Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.