#xss

CVE-2023-34648: Common-Vulnerabilities-and-Exposures/CVE-2023-34648 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.

1 year ago

CVE

Open in Source

#xss #vulnerability #java #php #auth

CVE-2023-1602: Changeset 2931815 for shorten-url/trunk/shorten-url.php – WordPress Plugin Repository

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1 year ago

CVE

Open in Source

#xss #web #wordpress #php #auth

CVE-2023-33661: XSS exists in the group report page · Issue #6474 · ChurchCRM/CRM

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.

1 year ago

CVE

Open in Source

#sql #xss #vulnerability #web #windows #linux #java #php #firefox

CVE-2023-34647: Common-Vulnerabilities-and-Exposures/CVE-2023-34647 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

1 year ago

CVE

Open in Source

#xss #vulnerability #java #php #auth

CVE-2023-36474: Making app CNAME optional by Mzack9999 · Pull Request #155 · projectdiscovery/interactsh

Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.

1 year ago

CVE

Open in Source

#xss #web #git

CVE-2023-34652: Common-Vulnerabilities-and-Exposures/CVE-2023-34652 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

1 year ago

CVE

Open in Source

#xss #vulnerability #java #php #auth

CVE-2023-34651: Common-Vulnerabilities-and-Exposures/CVE-2023-34651 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).