
Tag

#xss

CVE-2023-23685: WordPress Portfolio – WordPress Portfolio Plugin plugin <= 2.8.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.

CVE-2023-23686: WordPress Simple Staff List plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.

CVE-2023-23878: WordPress WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

CVE-2023-23821: WordPress Interactive Polish Map plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.

CVE-2023-24724: Stored XSS Vulnerability Discovered in SAS 9.4 Admin Console (CVE-2023-24724)

A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields.

GHSA-38h6-gmr2-j4wx: Silverstripe Form Capture vulnerable to stored cross-site-scripting

Impact: Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack.

Patches: The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1.

GHSA-fq8q-55v3-2986: Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name

Impact: This vulnerability could let an attacker steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or redirect users to other malicious sites.

Patches: Update to version 1.5.1.

Workarounds: Apply the patch https://github.com/pimcore/perspective-editor/pull/121.patch manually.

CVE-2023-28851: Improper Handling of User Input - Cross-Site Scripting (Stored)

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability.

ChatGPT Cross Site Scripting

ChatGPT suffered from a cross site scripting vulnerability. OpenAI has since addressed this issue.