Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-1466

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.

CVE
#xss#vulnerability#web#linux#red_hat#js#oauth#auth
CVE-2021-26628: KISA 인터넷 보호나라&KrCERT

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.

CVE-2021-36867: WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.

CVE-2022-27854: Psychological tests & quizzes

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter.

CVE-2021-36895: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.

CVE-2022-28218: Webmail Messenger release notes - CipherMail Email Encryption

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).

WordPress Coru LFMember 1.0.2 Cross Site Scripting

WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

Gitlab 14.9 Cross Site Scripting

Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.

WordPress WP-Invoice 4.3.1 Cross Site Scripting

WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.