Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-24381: WordPress Advanced Social Pixel plugin <= 2.1.1 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-1507

A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223411.

CVE-2023-1248: OTRS Security Advisory 2023-01 | OTRS

Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVE-2023-1500: BugHub/SIMPLE ART GALLERY system has Cross site scripting vulnerabilities.pdf at main · Decemberus/BugHub

A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.

GHSA-ch9g-x9j7-rcgp: imgproxy Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.

CVE-2023-1496

Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.

CVE-2023-1485

A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input <script>alert(222)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371.

CVE-2023-28607: fix: [security] XSS in event-graph relationship tooltip · MISP/MISP@78f4234

js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.

CVE-2023-28606: Comparing v2.4.168...v2.4.169 · MISP/MISP

js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.