Security
Headlines
Tag: #xss

SuperCali 1.1.0 Cross Site Scripting

SuperCali version 1.1.0 suffers from a cross site scripting vulnerability.

Source: Packet Storm
Tags: #xss #vulnerability #php #auth
GHSA-6xv9-957j-qfhg: Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

### Summary

On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized before being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in a stored XSS vulnerability.

### Details

Exploitation requires permission to use the "data import" function. This was reproduced on Label Studio 1.10.1.

### PoC

1. Create a project.
   ![Create a project](https://github.com/HumanSignal/label-studio/assets/3943358/9b1536ad-feac-4238-a1bd-ca9b1b798673)
2. Upload a file containing the payload using the "Upload Files" function.
   ![2 Upload a file containing the payload using the Upload Files function](https://github.com/HumanSignal/label-studio/assets/3943358/26bb7af1-1cd2-408f-9adf-61e31a5b7328)
   ![3 complete](https://github.com/HumanSignal/label-studio/assets/3943358/f2f62774-1fa6-4456-9e6f-8fa1ca0a2d2e)

The following are the contents of the file used in the PoC:

```
{ "data": { "prompt": "...
```
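The advisory's root cause is a classic one: an imported task value is concatenated into option markup and handed to the browser as HTML. The JavaScript below is an added illustration of that pattern beside its escape-on-output fix; it is not Label Studio's code and not part of the advisory. The task shape `{data: {choices: [...]}}`, the function names (`renderChoicesUnsafe`, `renderChoicesSafe`, `parseImportedTask`) and the payload are assumptions constructed for this example. The same fix (escape every user-controlled value at the point it is rendered, in both attribute and text context) applies equally to the CMS field-injection entries further down this page.

```javascript
// Added illustration, not Label Studio's code. The task shape {data: {choices: [...]}},
// the function names and the payload below are constructed for this example.

// Minimal HTML entity escaping, sufficient for text nodes and double-quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: imported values are interpolated straight into markup, so a
// value that closes the attribute and opens a tag becomes live HTML in the annotator's browser.
function renderChoicesUnsafe(task) {
  return task.data.choices
    .map((v) => `<label class="choice"><input type="checkbox" value="${v}"> ${v}</label>`)
    .join('\n');
}

// Hardened pattern: every imported value is escaped on output, in both the
// attribute position and the text position, before it reaches the DOM.
function renderChoicesSafe(task) {
  return task.data.choices
    .map((v) => {
      const e = escapeHtml(v);
      return `<label class="choice"><input type="checkbox" value="${e}"> ${e}</label>`;
    })
    .join('\n');
}

// Parse the uploaded file as JSON and check its shape before rendering. Rejecting
// anything other than a list of plain strings is defence in depth, not a
// substitute for escaping: a plain string can still carry a payload.
function parseImportedTask(jsonText) {
  const task = JSON.parse(jsonText);
  const choices = task && task.data && task.data.choices;
  if (!Array.isArray(choices) || !choices.every((c) => typeof c === 'string')) {
    throw new Error('data.choices must be an array of strings');
  }
  return task;
}

// Count element tags in rendered markup. The safe renderer emits exactly three
// tags per choice (<label>, <input>, </label>); any injected element adds more.
function countTags(html) {
  return (html.match(/<[a-zA-Z/]/g) || []).length;
}

// Constructed sample import: one benign choice and one carrying a payload that
// breaks out of the value="" attribute.
const SAMPLE_IMPORT = JSON.stringify({
  data: { choices: ['cat', '"><img src=x onerror="alert(document.cookie)">'] },
});

function demo() {
  const task = parseImportedTask(SAMPLE_IMPORT);
  const unsafe = renderChoicesUnsafe(task);
  const safe = renderChoicesSafe(task);
  return {
    unsafeHasLiveImg: /<img\b/.test(unsafe), // payload became an element
    safeHasLiveImg: /<img\b/.test(safe),     // payload rendered as inert text
    unsafeTags: countTags(unsafe),
    safeTags: countTags(safe),
  };
}
```

Running `demo()` shows the unsafe renderer turning the second choice into two extra `<img>` elements with an `onerror` handler, while the safe renderer produces only the three expected tags per choice. Note that escaping alone is correct only for the HTML text and quoted-attribute contexts shown here; a value that lands inside a `<script>` block, a URL attribute or an inline style needs context-specific encoding instead.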

GHSA-66c2-p8rh-qx87: baserCMS Cross-site Scripting vulnerability in Site search Feature

There is an XSS vulnerability in the site search feature of baserCMS.

### Target

baserCMS 5.0.8 and earlier versions

### Vulnerability

Malicious code may be executed via the site search feature.

### Countermeasures

Update to the latest version of baserCMS. Please refer to the following page for more information: https://basercms.net/security/JVN_73283159

GHSA-jjxq-m8h3-4vw5: baserCMS Cross-site Scripting vulnerability in Content Management

There is an XSS vulnerability in the content management feature of baserCMS.

### Target

baserCMS 5.0.8 and earlier versions

### Vulnerability

Malicious code may be executed via the content management feature.

### Countermeasures

Update to the latest version of baserCMS. Please refer to the following page for more information: https://basercms.net/security/JVN_73283159

GHSA-pcm8-qqrp-w6qf: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

GHSA-38m8-5gfc-663g: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.

GHSA-c579-hhw5-cr3p: Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.

CMS Made Simple 2.2.19 Cross Site Scripting

CMS Made Simple version 2.2.19 suffers from a persistent cross site scripting vulnerability.

SitePad 1.8.2 Cross Site Scripting

SitePad version 1.8.2 suffers from a persistent cross site scripting vulnerability.