Tag

#xss

CVE-2022-38167: Process Management and Workflow Automation Software - Nintex

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.

CVE-2022-44390: EyouCMS v1.5.9 has multiple vulnerabilities, stored cross-site scripting (XSS) · Issue #31 · weng-xianhu/eyoucms

A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.

CVE-2022-34317: IBM CICS TX cross-site scripting CVE-2022-34317 Vulnerability Report

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

CVE-2022-34315: IBM CICS TX Advanced is vulnerable to a cross-site scripting attack (CVE-2022-34315).

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.

CVE-2022-43693: Release 8.5.10 · concretecms/concretecms

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-3992

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.

Debian Security Advisory 5277-1

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.

CVE-2022-43342: Question - Stored XSS Vulnerability

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field.

CVE-2021-40272: exploits/itrs_op5_monitor_xss.pdf at master · hosakauk/exploits

OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).

CVE-2022-3415

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message.