
Tag

#xss

GHSA-hfmg-g39c-5444: pimcore is vulnerable to cross-site scripting in translate module

### Impact

An attacker could use this vulnerability to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.20 or apply this patch manually: https://github.com/pimcore/pimcore/pull/14732.patch

### Workarounds

Apply https://github.com/pimcore/pimcore/pull/14732.patch manually.

### References

https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/

CISA Warns of Vulnerabilities in Propump and Controls’ Osprey Pump Controller

By Habiba Rashid

CISA's advisory came after the Macedonian cybersecurity firm Zero Science Lab discovered and reported the vulnerabilities to authorities. This is a post from HackRead.com.

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe," Proofpoint

CVE-2023-1772

A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.

CVE-2023-1771

A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672.

CVE-2023-1060

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS. This issue affects YKM CRM: before 23.03.30.

GHSA-4wfc-ghv5-2v7j: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-7q9c-f2v8-j8gw: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-hp8m-g55r-9cfq: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CVE-2023-1759: fix: corrected sanitizing the string · thorsten/phpMyFAQ@ecbd810

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.