#xss

Categories: News Tags: CISA Tags: BOD 23-02 Tags: Internet exposed Tags: management interfaces Tags: vulnerabilities Tags: CVE-2023-27992 Tags: CVE-2023-20887 There is a lot to be said for the strategy of shielding management interfaces from public internet access (Read more...) The post Reducing your attack surface is more effective than playing patch-a-mole appeared first on Malwarebytes Labs.

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.7-GA.

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.

PHP Online School version 1.0 suffers from a cross site scripting vulnerability.

PHP Mail version 5.0 suffers from a cross site scripting vulnerability.

WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.

PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.