
Tag

#xss

GHSA-mhpj-7m7h-8p6x: Pimcore Cross-site Scripting (XSS) in Static Routes name field

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091.patch

### Workarounds

Apply patches manually: https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091.patch

### References

https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801/

CVE-2023-30394: GitHub - ros-planning/moveit: The MoveIt motion planning framework

Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function.

CVE-2023-30394: | The MoveIt® Companies

MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function.

CVE-2023-29031: ArmorStart® ST 281E, 284EE Vulnerable to Multiple XSS Vulnerabilities

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.

CVE-2023-25309: Rollout::UI 0.5 Cross Site Scripting ≈ Packet Storm

Cross Site Scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL to the "delete a feature" functionality.

HouseKit 1.0 Cross Site Scripting

HouseKit version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-22720: WordPress WP Links Page plugin <= 4.9.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.

CVE-2023-2659: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.

CVE-2023-2661: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

GaanaGawaana 1.0 Cross Site Scripting

GaanaGawaana version 1.0 suffers from a cross site scripting vulnerability.