Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-29837: Exelysis/EUCS Admin Login XSS_CVE-2023-29836_CVE-2023-29837.txt at main · IthacaLabs/Exelysis

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.

CVE
Open in Source
#xss#vulnerability#web#windows#java#php#auth#firefox
RHSA-2023:3198: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26291: A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that r...

CVE-2023-2768

A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability.

How to Protect Your Organization From Vulnerabilities

Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.

WordPress Core 6.2 XSS / CSRF / Directory Traversal

WordPress Core versions 6.2 and below suffer from cross site request forgery, persistent cross site scripting, shortcode execution, insufficient sanitization, and directory traversal vulnerabilities.

CVE-2023-31699: XSS via Image File · Issue #6471 · ChurchCRM/CRM

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.

CVE-2023-31703: CVE-2023-31703/README.md at main · sahiloj/CVE-2023-31703

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

GHSA-j657-pjgc-c4h6: phpMyFAQ vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

GHSA-vppq-6ff8-2m8w: phpMyFAQ vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.