#xss

CVE-2023-25557: SSRF/XSS (`GHSL-2022-076`)

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.

2 years ago

CVE

Open in Source

#xss #vulnerability #git #java #ssrf #auth

CVE-2022-44261: AveryDennison/AveryDennison_MonarchM9855_XSS at main · IthacaLabs/AveryDennison

Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS).

2 years ago

CVE

Open in Source

#xss #git

CVE-2023-23161: CVE/CVE-2023-23161.txt at main · rahulpatwari/CVE

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.

2 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #windows #apple #php #chrome #webkit

Malicious Game Mods Target Dota 2 Game Users

Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored.

2 years ago

DARKReading

Open in Source

#sql #xss #vulnerability #web #apple #google #ddos #dos #nodejs #java #backdoor #rce

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

2 years ago

PortSwigger

Open in Source

#xss #csrf #vulnerability #web #mac #google #microsoft #cisco #dos #git #java #php #rce #pdf #oauth #auth #ruby #jira #chrome #ssl

CVE-2023-24234: GitHub - stemword/php-inventory-management-system: Open source inventory management system with php and mysql Invoice generation and easy to download invoice in PDF format Lightweight and easy to use

A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.

2 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #git #php #pdf

CVE-2023-24230: Release Formwork 1.12.1 · getformwork/formwork

A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #git

Red Hat Security Advisory 2023-0708-01

Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #linux #red_hat #js #rpm

ChiKoi 1.0 Cross Site Scripting

ChiKoi version 1.0 suffers from a cross site scripting vulnerability.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #windows #google #git #auth #firefox

OAuth ‘masterclass’ crowned top web hacking technique of 2022

Single sign-on and request smuggling to the fore in another stellar year for web security research