Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-33216: WordPress WooDiscuz – WooCommerce Comments plugin <= 2.2.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-2948: fixes: couple more misc fixes (#6336) · openemr/openemr@af1ecf7

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

CVE-2023-2949

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.

CVE-2023-2947: fix: bug fix (#6296) · openemr/openemr@8d2d601

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

CVE-2023-2925

A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-2922: CVERequest/XSS.md at main · kanyl6/CVERequest

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could

CVE-2023-33195: XSS in RSS widget feed

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.

CVE-2023-32325: fix: Remove API and JS urls (#630) · PostHog/posthog-js@67e07eb

PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.

CVE-2023-33194: Fixed an XSS vulnerability · craftcms/cms@9d0cd0b

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.