
Tag

#xss

CVE-2020-21967: Cross Site Scripting Issue in PrestaShop Using File Upload Functionality · Issue #20306 · PrestaShop/PrestaShop

File upload vulnerability in the Catalog feature in PrestaShop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

CVE-2022-34358: Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358)

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516.

CVE-2022-32074: GitHub - osTicket/osTicket-plugins: Core plugins for osTicket (v1.8+)

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

CVE-2022-32065: Vulnerability: The html file can be uploaded where the avatar is uploaded, and its content not be filtered, which resulting in stored XSS in Ruoyi cms · Issue #118 · yangzongzhuan/RuoYi

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

CVE-2021-46827: 2021-072301 - JavaScript Injection Vulnerability in WebHelp Output

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

GHSA-wv8q-r932-8hc7: Svelte cross-site scripting prior to 3.49.0 due to when using objects during server-side rendering

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.

CVE-2022-29602: Cross-Site Scripting in extension "Grid Elements" (gridelements)

The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 for TYPO3 allows XSS.

CVE-2022-33155: Cross-Site Scripting in extension "AMEOS - TarteAuCitron (GDPR cookie banner and tracking management / French RGPD compatible)" (ameos_tarteaucitron)

The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS.

CVE-2022-33154: Cross-Site Scripting in extension "Embedding schema.org vocabulary" (schema)

The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS.