Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-24192: CVE/xss in login.php.md at main · xiumulty/CVE

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.

CVE
Open in Source
#xss#vulnerability#git#php
CVE-2022-45722

ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.

BlueHat 2023: Connecting the security research community with Microsoft

We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.

CVE-2017-20176: Fix reflected XSS in new_window.php · ciubotaru/share-on-diaspora@fb6fae2

A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.

CVE-2017-20175: Release v2.4.3 · DaSchTour/matomo-mediawiki-extension

A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203.

GHSA-rghh-ghf7-7943: Sling App CMS Cross-site Scripting vulnerability

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6

CVE-2023-0676: Bugfix: XSS (reflected) in 'bw-calulator-result.php'; · phpipam/phpipam@94ec73f

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.

CVE-2023-0677: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.