Security Headlines: tag #xss

Magnolia CMS 6.2.19 Cross Site Scripting

Magnolia CMS versions 6.2.19 and below suffer from a persistent cross site scripting vulnerability.

Packet Storm
CVE-2021-31678: GitHub - RO6OTXX/pescms_vulnerability

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete important information about a user's company.

Vulnerability Management news and publications #1

Hello everyone! In this episode, I will try to revive Security News with a focus on Vulnerability Management. On the one hand, creating such reviews requires free time, which could be spent more wisely, for example, on open source projects or original research. On the other hand, there are arguments in favor of news reviews. […]

The End of False Positives for Web and API Security Scanning?

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.  Today, ImmuniWeb

CVE-2022-35229: [ZBX-21306] Reflected XSS in discovery page of Zabbix Frontend [CVE-2022-35229]

An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

CVE-2022-35230: [ZBX-21305] Reflected XSS in graphs page of Zabbix Frontend [CVE-2022-35230]

An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

CVE-2022-32533: security - CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

GHSA-c58j-88f5-h53f: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

Impact: pycares versions < 4.2.0 are affected by CVE-2021-3672 (https://nvd.nist.gov/vuln/detail/CVE-2021-3672). Patches: update to version 4.2.0.

CVE-2022-33075: Quizzes and Trivia | Zoo

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.

CVE-2022-34879: vicidial.org • View topic - Recommended VICIdial Security Upgrade Notice: April 2022

Reflected Cross Site Scripting (XSS) vulnerabilities in the AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.