Tag
#xss
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was...
Recipes versions 0.17.0 through 1.2.5 are vulnerable to stored cross-site scripting (XSS) in the ‘Name’ field of the Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low-privileged attacker can thereby obtain the victim's API key, which can lead to takeover of an admin account.
Recipes versions 1.0.5 through 1.2.5 are vulnerable to stored cross-site scripting (XSS) in the copy-to-clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low-privileged attacker can thereby obtain the victim's API key, which can lead to takeover of an admin account.
Recipes versions 1.0.5 through 1.2.5 are vulnerable to stored cross-site scripting (XSS) in the “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low-privileged attacker can thereby obtain the victim's API key, which can lead to takeover of an admin account.
Microweber versions 1.2.17 and prior are vulnerable to cross-site scripting. A patch is available on the `dev laravel9-php8` branch of the repository.
SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability.
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.