Tag

#xss

CVE-2022-2924: Improved data display on some widgets · YetiForceCompany/YetiForceCRM@b716ece

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.

CVE-2022-38550: The JEESNS has a storage-type XSS vulnerability · Issue #1 · Pick-program/JEESNS

A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-38545: A XSS bug that can execute code (a user maliciously modifying a comment's UA can trigger XSS code execution) · Issue #400 · xCss/Valine

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

CVE-2022-38527: UCMS-v1.6/UCMS_v1.6.0 XSS.md at gh-pages · Zoe0427/UCMS-v1.6

UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.

CVE-2022-38339: FME Community

Safe Software FME Server v2022.0.1.1 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.

CVE-2022-23766: KISA 인터넷 보호나라&KrCERT

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.

Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion

Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.

Genesys PureConnect Cross Site Scripting

Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.

CVE-2022-3036

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).