Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-2066: Sanitized username when showing user not found message. · NeoRazorX/facturascripts@73a6595

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.

CVE
Open in Source
#xss#git#auth
CVE-2022-31398

A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.

Serious vulnerabilities found in ITarian software, patches available for SaaS products

Researchers at DIVD found vulnerabilities in ITarian products and worked with the vendor to develop patches. These patches are now available. The post Serious vulnerabilities found in ITarian software, patches available for SaaS products appeared first on Malwarebytes Labs.

CVE-2022-2060: Merge branch 'develop' of [email protected]:Dolibarr/dolibarr.git into d… · Dolibarr/dolibarr@2b5b995

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.

CVE-2017-20043

A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2017-20044

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2022-27231: WP Statistics

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

CVE-2022-29894: GitHub - strapi/strapi: 🚀 Open source Node.js Headless CMS to easily build customisable APIs

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

CVE-2021-41749: craft-seomatic/CHANGELOG.md at develop · nystudio107/craft-seomatic

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

CVE-2018-25039: Auditando router thomson tcw710 | Alquimista de sistemas

A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.