Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-45065: WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2022-47439: WordPress Open Graphite plugin <= 1.6.0 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions.

CVE-2022-47437: WordPress WSB Brands plugin <= 1.1.8 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.

FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking

Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.

Ubuntu Security Notice USN-6061-1

Ubuntu Security Notice 6061-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

BlogMagz CMS 1.0 Cross Site Scripting

BlogMagz CMS version 1.0 suffers from a cross site scripting vulnerability.

Rollout::UI 0.5 Cross Site Scripting

Rollout::UI version 0.5 suffers from a cross site scripting vulnerability.

CVE-2023-0267

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0268

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0280

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.