Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-4629

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE
#xss#wordpress
CVE-2022-4570

The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2023-24070: fix: [security] XSS in authkey add · MISP/MISP@f7238fe

app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.

GHSA-xwhj-pqcg-8rcr: CakePHP vulnerable to Cross-site Scripting in some development error pages

CakePHP 3.4 prior to 3.4.14, 3.5 prior to 3.5.17, and 3.6 prior to 3.6.4 contains a cross-site-scripting (XSS) vulnerability in the development only `missing route` and `duplicate named route` error pages.

CVE-2023-24027: fix: [security] XSS through network history name · MISP/MISP@72c5424

In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.

CVE-2023-24026: fix: [security] XSS in eventgraph preview payload · MISP/MISP@a46f794

In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.

CVE-2023-23492: Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

CVE-2023-23024: XSS in Book Store

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.

CVE-2023-23015: XSS Kalkun

Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.

CVE-2023-23014: Possible XSS vulnerabilities · Issue #23 · ronknight/InventorySystem

Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.