Tag

#xss

CVE-2022-40373: Unauthorized upload of XML file to execute XSS · Issue #67 · liufee/cms

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

CVE-2022-40002: Cross Site Scripting Vulnerability On Feehi CMS · Issue #66 · liufee/cms

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify.

CVE-2022-40001: Cross Site Scripting Vulnerability On Feehi CMS · Issue #65 · liufee/cms

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.

CVE-2022-40000: Cross Site Scripting Vulnerability On Feehi CMS · Issue #64 · liufee/cms

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Persistent Cross Site Scripting

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username persistent cross site scripting vulnerability.

API Flaws in Lego Marketplace Put User Accounts, Data at Risk

Attackers also could breach internal production data to compromise a corporate network using vulnerabilities found in the BrickLink online platform.

CVE-2022-28703: TALOS-2022-1532 || Cisco Talos Intelligence Group

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-32763: TALOS-2022-1541 || Cisco Talos Intelligence Group

A cross-site scripting (XSS) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability.

Top 5 Web App Vulnerabilities and How to Find Them

Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education. Most startup CTOs have an excellent understanding of how to build highly functional

CVE-2022-4410: Changeset 2833667 for permalink-manager – WordPress Plugin Repository

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.