Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

CVE
#xss#vulnerability#web#apache#auth
CVE-2017-20087: Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.

CVE-2017-20089

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.

CVE-2017-20085: Cross-Site Scripting in Atahualpa WordPress Theme

A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.

GHSA-3x96-m42v-hvh5: Cross-site Scripting in Microweber

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.

CVE-2022-32159: Open Source Vulnerability Database | Mend

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.

CVE-2022-23081: Open Source Vulnerability Database | Mend

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.

GHSA-q754-vwc4-p6qj: Authenticated Stored Cross-site Scripting in Shopware

### Impact Authenticated Stored XSS in Administration ### Patches We recommend updating to version 5.7.12. You can get the update to 5.7.12 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/de/changelog-sw5/#5-7-12 For older versions you can use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html ### References https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2022

WordPress Download Manager 3.2.43 Cross Site Scripting

WordPress Download Manager plugin versions 3.2.43 and below suffer from a cross site scripting vulnerability.

Zoo Management System 1.0 Cross Site Scripting

Zoo Management System version 1.0 suffers from a cross site scripting vulnerability.