Security

Tag

#xss

CVE-2022-40317: Reported XSS vulnerability by monkiki · Pull Request #336 · openkm/document-management-system

OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.

CVE-2022-34165: IBM WebSphere Application Server HTTP injection CVE-2022-34165 Vulnerability Report

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.

mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting

mbDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.

AirDisk 7.5.5 Cross Site Scripting

AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.

CVE-2022-38068: Export Post Info

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.

CVE-2022-35725

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.

CVE-2022-36356

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.

CVE-2022-35275

Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress.

CVE-2022-40191: Contact Form By Mega Forms – Drag and Drop Form Builder

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

CVE-2022-2925

Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.