Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-25781: WordPress Upload File Type Settings Plugin plugin <= 1.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006. The California-headquartered firm

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!

Categories: Business Tags: beautiful cookie consent banner Tags: Wordpress Tags: plugin Tags: vulnerability Tags: exploit Tags: XSS Tags: javascript Tags: update Tags: website We take a look at a vulnerability in a popular WordPress plugin. It's been fixed, but you'll need to update as soon as you can! (Read more...) The post "Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now! appeared first on Malwarebytes Labs.

CVE-2023-25439: FusionInvoice 2023-1.0 Cross Site Scripting ≈ Packet Storm

Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.

CVE-2023-30615: Release v2.2.1 · dfir-iris/iris-web

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.

CVE-2023-33751: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #14 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.

CVE-2023-33750: There is a cross site scripting (XSS) vulnerability exists in mipjz v5.0.5 · Issue #15 · sansanyun/mipjz

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.

Red Hat Security Advisory 2023-3299-01

Red Hat Security Advisory 2023-3299-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, deserialization, improper authorization, and information leakage vulnerabilities.

WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting

WordPress Beautiful Cookie Consent Banner versions 2.10.1 and below suffer from an unauthenticated persistent cross site scripting vulnerability.