Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-2396: CVE/POC.md at 83c243538386cd0761025f85eb747eab7cae5c21 · CyberThoth/CVE

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#php#chrome#webkit
CVE-2022-32308: Use unspoofable Messenger.origin to determine privilege level of ports · Issue #1992 · uBlockOrigin/uBlock-issues

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

CVE-2020-21967: Cross Site Scripting Issue in PrestaShop Using File Upload Functionality · Issue #20306 · PrestaShop/PrestaShop

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

CVE-2022-34358: Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358)

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516.

CVE-2022-32074: GitHub - osTicket/osTicket-plugins: Core plugins for osTicket (v1.8+)

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

CVE-2022-32065: Vulnerability: The html file can be uploaded where the avatar is uploaded, and its content not be filtered, which resulting in stored XSS in Ruoyi cms · Issue #118 · yangzongzhuan/RuoYi

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

CVE-2022-32274

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

CVE-2021-46827: 2021-072301 - JavaScript Injection Vulnerability in WebHelp Output

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

GHSA-wv8q-r932-8hc7: Svelte cross-site scripting prior to 3.49.0 due to when using objects during server-side rendering

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.