Tag

#xss

CVE-2023-2109: fix: use innerText instead of innerHTML (#6431) · chatwoot/chatwoot@a06a5a5

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.

CVE-2022-44734: WordPress Car Rental by BestWebSoft plugin <= 1.1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions.

CVE-2022-45849: WordPress Activello theme <= 1.4.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.

CVE-2022-43480: WordPress Homepage Popup plugin <= 1.2.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.

CVE-2022-43458: WordPress Advanced Floating Content plugin <= 1.2.1 - Multiple Auth. Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions.

CVE-2023-29508: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in org.xwiki.platform:xwiki-platform-livedata-macro

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.

CVE-2023-29506: RXSS with authenticate endpoints

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

CVE-2022-28353: MyBB External Redirect Warning 1.3 Cross Site Scripting ≈ Packet Storm

In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.

CVE-2022-37306: OX App Suite Cross Site Scripting

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

CVE-2018-17883: Security Advisory 2018-06: Security Update for OTRS Framework - ((OTRS)) Community Edition

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.