
Tag

#xss

CompanyMaps 8.0 Cross Site Scripting

CompanyMaps version 8.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
CVE-2023-29639: There are multiple stored XSS on the My-Blog page. · Issue #131 · ZHENFENG13/My-Blog

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.

CVE-2023-29638: There is a stored XSS on the article page. · Issue #74 · WinterChenS/my-site

Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548 allows attackers to inject arbitrary web script or HTML via editing blog articles.

CVE-2023-29637: There are multiple XSS on the My-Blog page · Issue #13 · Qbian61/forum-java

Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page.

CVE-2023-29643: PerfreeBlog storage type XSS defect · Issue #14 · perfree/PerfreeBlog

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.

CVE-2023-29641: There is an XSS on the editor.md. · Issue #985 · pandao/editor.md

Cross Site Scripting (XSS) vulnerability in pandao editor.md through 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.

GHSA-9xg6-75mh-7x3f: Cross-site Scripting (XSS) in pimcore

### Impact

An attacker can use XSS to send a malicious script to any user.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a.patch

### Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a.patch manually.

### References

https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7/

CVE-2018-25085

A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755.

GHSA-8595-6653-96p2: phpMyFAQ vulnerable to Stored Cross-site Scripting

phpMyFAQ prior to 3.1.13 has a stored cross site scripting vulnerability in the `name` field of the add question module. This allows an attacker to steal user cookies.

CVE-2023-2428: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.