Tag

#xss

GHSA-j93v-cx26-2xc4: Duplicate Advisory: Cross-site Scripting (XSS) in Predefined Properties delete

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q7cc-m6jw-m262. This link is maintained to preserve external references. Original Description: Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

GHSA-g947-422m-hr7p: Duplicate Advisory: Pimcore Cross-site Scripting (XSS) in Static Routes name field

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mhpj-7m7h-8p6x. This link is maintained to preserve external references. Original Description: Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

CVE-2023-30777: WordPress Advanced Custom Fields Pro plugin <= 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

CVE-2023-27888: Joruri Gw vulnerable to cross-site scripting

Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.

CVE-2023-27918: JVN#00971105: WordPress Plugin "Appointment and Event Booking Calendar for WordPress

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in to the WordPress site where the product is installed visit a malicious URL.

CVE-2023-2615

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

CVE-2023-2614: Fix name field in custom reports (#15007) · pimcore/pimcore@c36ef54

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

CVE-2023-2616: [Security] Fix xss in static routes panel (#14947) · pimcore/pimcore@07a2c95

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

CVE-2023-25832: Portal for ArcGIS Security 2023 Update 1 Patch

There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.

CVE-2023-30057: FICO Origination Manager Decision Module 4.8.1 XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.