Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-31038: issues: sanitize `DisplayName` (#7009) · gogs/gogs@155cae1

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.

CVE
Open in Source
#xss#vulnerability#mac#windows#git#ldap#auth
CVE-2022-2015: 19.0.2 release · jgraph/drawio@3d3f819

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

CVE-2022-2036: Fix stored XSS security issue: decode HTML entities from URL · francoisjacquet/rosariosis@6e213b1

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.

CVE-2022-2027: 🔒 fixes three critical stored XSS vulnerabilities thanks @saharshtapi… · kromitgmbh/titra@e606b67

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE-2022-2028: Stored XSS in Project Name in titra

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE-2022-2029: Stored XSS in Task field in titra

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE-2022-2026: Stored XSS in Name in titra

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE-2019-25070

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2022-2020: vul/Prison Management System(XSS).md at main · ch0ing/vul

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2022-2016: Escaped the html of the balance fields before any other tests. Also a… · NeoRazorX/facturascripts@7b4ddb9

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.