Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-42000: Security:Security Advisories/BSSA-2022-04 - BlueSpice Wiki

Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.

CVE
Open in Source
#xss#vulnerability
CVE-2022-3895: Security:Security Advisories/BSSA-2022-08 - BlueSpice Wiki

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).

CVE-2022-3893: Security:Security Advisories/BSSA-2022-06 - BlueSpice Wiki

Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application.

CVE-2022-42001: Security:Security Advisories/BSSA-2022-05 - BlueSpice Wiki

Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.

RHSA-2022:8057: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources * CVE-2022-216...

CVE-2022-42060: Vulnerabilities in Tenda's W15Ev2 AC1200 Router

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

CVE-2022-40847: Vulnerabilities in Tenda's W15Ev2 AC1200 Router

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

CVE-2022-42119: CVE-2022-42119 Stored XSS with ERC in Commerce catalog - Liferay Portal - Liferay Faces

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

CVE-2022-42118: [LPE-17342] LSV-906: Reflected XSS with `tag` in Search

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.

CVE-2022-42111: [LPE-17379] LSV-936: Stored XSS with a shared asset name in notification

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.