Tag: #xss

CVE-2023-22902: Openfind Mail2000 - XSS

Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.

Tags: CVE, #xss, #vulnerability, #java, #auth
CVE-2023-28884: fix: [security] XSS in community index · MISP/MISP@b94c797

In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.

CVE-2023-1635: 2023/XSS.md at main · BigTiger2020/2023

A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.

CVE-2023-28435: [Bug] Unauthenticated file upload leads to an XSS vulnerability · Issue #4798 · dataease/dataease

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the backend. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have been fixed in version 1.18.5.

Sales Tracker Management System 1.0 Cross Site Scripting

Sales Tracker Management System version 1.0 suffers from a cross site scripting vulnerability.

Application Security Requires More Investment in Developer Education

If you haven't done so already, it's time to take the first step toward solving this application security dilemma.

CVE-2023-27242: Loan-Management-System/README.md at main · kaikai-11/Loan-Management-System

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.

CVE-2023-1616

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.

CVE-2020-24857: Release Security Fix, Small Bug Fixes and Minor Improvements / Features · inex/IXP-Manager

A cross site scripting vulnerability found in IXP Manager v5.6.0 allows attackers to execute arbitrary code via the looking glass component.

GHSA-9f45-9qrw-pp4v: Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional

If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk.