Tag

#xss

CVE-2022-42118: [LPE-17342] LSV-906: Reflected XSS with `tag` in Search

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.

CVE-2022-35613: CVE-ID: CVE-2022-35613

Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF).

CVE-2022-42110: [LPE-17403] LSV-959: Stored XSS with announcement/alert type

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

CVE-2022-44390: EyouCMS v1.5.9 has multiple vulnerabilities, stored cross-site scripting (XSS) · Issue #31 · weng-xianhu/eyoucms

A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.

CVE-2022-34317: IBM CICS TX cross-site scripting CVE-2022-34317 Vulnerability Report

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

CVE-2022-34315: IBM CICS TX Advanced is vulnerable to a cross-site scripting attack (CVE-2022-34315).

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.

CVE-2022-43693: Release 8.5.10 · concretecms/concretecms

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-3992

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.

Debian Security Advisory 5277-1

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.