#xss

A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.

A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(666)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747.

A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748.

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input "><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability.

By Deeba Ahmed Researchers have noted that attackers are targeting a medium-severity Zimbra vulnerability that the company patched in version 9.0.0 Patch 24, one year ago. This is a post from HackRead.com Read the original post: Zimbra email platform vulnerability exploited to steal European govt emails

Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14721.patch manually. ### References https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256/

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### References https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19