Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GYM Management System 1.0 Insecure Settings

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Red Hat Security Advisory 2024-6656-03

Red Hat Security Advisory 2024-6656-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a cross site scripting vulnerability.

Webpay E-Commerce 1.0 Cross Site Scripting

Webpay E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

GHSA-32fj-r8qw-r8w8: MindsDB Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

3DSecure version 2.0 is vulnerable to form action hijacking via the threeDSMethodNotificationURL parameter. This flaw allows attackers to change the destination website for form submissions, enabling data theft.

3DSecure 2.0 3DS Authorization Method Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities in the 3DS Authorization Method of 3DSecure version 2.0 allow attackers to inject arbitrary web scripts via the threeDSMethodData parameter.

3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

3DSecure version 2.0 is vulnerable to cross site scripting in its 3DSMethod Authentication. This vulnerability allows remote attackers to hijack the form action and change the destination website via the params parameter, which is base64 encoded and improperly sanitized.