Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-31223: Security Reports | Dradis Framework

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

CVE
Open in Source
#sql#xss#vulnerability#java#auth
CVE-2023-30842: https://github.com/WWBN/AVideo/security/advisories/GHSA-xr9h-p2rc-rpqm · WWBN/AVideo@236228f

AVideo is an open-source video platform. Prior to version 12.4, AVideo is vulnerable to remote code execution when an attacker embeds a malicious video link. This issue is fixed in version 12.4.

CVE-2023-30609: Merge pull request from GHSA-xv83-x443-7rmw · matrix-org/matrix-react-sdk@bf182bc

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection.

CVE-2023-2293

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463.

CVE-2023-25461: WordPress Wp-Insert plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.

CVE-2023-24005: WordPress Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions.

CVE-2023-23889: WordPress Quick Paypal Payments plugin <= 5.7.25 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

CVE-2023-23866: WordPress Interactive Geo Maps plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions.

CVE-2023-23710: WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

CVE-2023-23995: WordPress TinyMCE Custom Styles plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.