
Tag

#xss

Vacation Rental 1.8 Cross Site Scripting

Vacation Rental version 1.8 suffers from a cross site scripting vulnerability.

Packet Storm
Sisfo Sistem Informasi Akademik LMS 1.9.3 Cross Site Scripting

Sisfo Sistem Informasi Akademik LMS version 1.9.3 suffers from a cross site scripting vulnerability.

Rest-Cafe And Restaurant Website CMS 2.0.0 Cross Site Scripting

Rest-Cafe and Restaurant Website CMS version 2.0.0 suffers from a cross site scripting vulnerability.

Alumni Club Management Tools 2.2.7 Cross Site Scripting

Alumni Club Management Tools version 2.2.7 suffers from a cross site scripting vulnerability.

CVE-2023-36812: Fix for #2269 and #2267 XSS vulnerability. · OpenTSDB/opentsdb@fa88d3e

OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to remote code execution by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.

GHSA-793w-g325-hrw2: XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages

### Effect

Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as

- removing technical documents, leading to loss of service
- Editing the javascript configuration of CKEditor, leading to persistent XSS

### Patches

This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1.

### Workarounds

The issue can be fixed manually by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f

### References

- https://jira.xwiki.org/browse/XWIKI-20590
- https://jira.xwiki.org/browse/CKEDITOR-508
- https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f

### For more info...

GHSA-3p62-6fjh-3p5h: Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC

AssertionConsumerServiceURL is a Java implementation for SAML Service Providers (org.keycloak.protocol.saml). Affected versions of this package are vulnerable to Cross-site Scripting (XSS). AssertionConsumerServiceURL allows XSS when sending a crafted SAML XML request.