#xss

GHSA-9q7q-r54q-3f3g: Cross-site Scripting (XSS) in DataObject Classification Store

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch manually. ### References https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2/

2 years ago

ghsa

Open in Source

#xss #vulnerability #git #auth

CVE-2023-2349: cve_hub/Service Provider Management System - vuln 4.pdf at main · E1CHO/cve_hub

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592.

2 years ago

CVE

Open in Source

#xss #vulnerability #git #php #pdf

CVE-2023-2350: cve_hub/Service Provider Management System - vuln 5.pdf at main · E1CHO/cve_hub

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability.

2 years ago

CVE

Open in Source

#xss #vulnerability #git #php #pdf

CVE-2023-30338: XSS vulnerabilities in pro2.0.3 · Issue #229 · emlog/emlog

Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #php

CVE-2023-24966: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #windows #linux #java #ibm

CVE-2023-2341: fixed xss on login page (#14975) · pimcore/pimcore@66f1089

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

2 years ago

CVE

Open in Source

#xss #csrf #git #auth

CVE-2023-2343: [Security] XSS in Classification Store of Data Objects module (#14933) · pimcore/pimcore@f1d9040

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.