Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-44950

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

CVE
Open in Source
#xss#vulnerability#web#php
CVE-2022-44949: Stored Cross Site Scripting Vulnerability on "Fields Configuration" in "Short Name" field in rukovoditel 3.2.1 · Issue #12 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.

CVE-2022-44948: Stored Cross Site Scripting Vulnerability on "Entities groups" in rukovoditel 3.2.1 · Issue #8 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".

CVE-2022-44947: Stored Cross Site Scripting Vulnerability on "Highlight row" in rukovoditel 3.2.1 · Issue #13 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".

CVE-2022-44946: Stored Cross Site Scripting Vulnerability on "Help system" in "Add page" function in rukovoditel 3.2.1 · Issue #15 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

CVE-2022-44944: Stored Cross Site Scripting Vulnerability on "Help system" in "Add announcement" function in rukovoditel 3.2.1 · Issue #14 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

CVE-2022-4271

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.

IBM Websphere Application Server 7.0 Cross Site Scripting

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

CVE-2022-45215: Book Store Management System Project using PHP CodeIgniter 3 Free Source Code

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.