
Tag

#xss

GHSA-j4mx-98hw-6rv6: craftcms/cms vulnerable to cross site scripting in RSS feed widget

A malformed title in the feed widget of craftcms/cms can deliver an XSS payload. This has been resolved in [this commit](https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442).

GHSA-5xq3-7mw9-wj5p: Cross Site Scripting in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

GHSA-5mf7-p346-7rm8: Cross Site Scripting in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

GHSA-2ffp-w665-9mgx: Cross Site Scripting in nilsteampassnet/teampass

nilsteampassnet/teampass prior to 3.0.7 is vulnerable to cross site scripting (XSS) from item names within a folder.

CVE-2023-2550: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@20ac515

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2553

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.

CVE-2023-2427: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@514f4df

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

CVE-2023-2516: 3.0.7 · nilsteampassnet/TeamPass@39b774c

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

CVE-2022-43866

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.

Debian Security Advisory 5399-1

Debian Linux Security Advisory 5399-1 - Several vulnerabilities were discovered in odoo, a suite of web-based open source business apps.