Security Headlines
Latest CVEs tagged #xss

CVE-2021-43721: Markdown type note XSS issue · Issue #364 · leanote/desktop-app

Leanote 2.7.0 is vulnerable to cross-site scripting (XSS) in Markdown-type notes. Because the note is rendered in a context where Node's require() is reachable, the XSS escalates to remote code execution; the reported payload is: <video src=x onerror=(function(){require('child_process').exec('calc');})();>

CVE-2021-43725: Update SpotPage_login.php · spotweb/spotweb@2bfa001

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

CVE-2021-44211: OX App Suite 7.10.5 Cross Site Scripting ≈ Packet Storm

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.

CVE-2022-26255: [Bug]: Remote Code Execution · Issue #2710 · Fndroid/clash_for_windows_pkg

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
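The Leanote payload above only reaches require('child_process') because the note's HTML is rendered inside an Electron window that exposes Node, and the Clash for Windows entry is the same class of bug: a user-controlled string (a proxy name) ending up as markup in an Electron UI. The OX App Suite entry is a reminder that letting an attribute through by name (class) is not enough; its value has to be checked as well. The following is an added example written for this page, not code from Leanote, Clash for Windows or OX App Suite: an allowlist sanitizer for the HTML a Markdown renderer emits, the strict text encoding a field such as a proxy name needs, and the Electron window options that keep a surviving XSS from becoming code execution. The tag and attribute allowlists, the class-name pattern, the Electron options and the proxy-name payload are assumptions made for the demo.

```javascript
// Added example (not code from Leanote, Clash for Windows or OX App Suite):
// an allowlist sanitizer for the HTML a Markdown renderer emits, plus the
// plain-text encoding a UI must apply to fields such as a proxy name.
// The allowlists, the class-name pattern and the Electron options below are
// assumptions made for the demo. It is hand-rolled so it runs stand-alone;
// production code should use a maintained sanitizer such as DOMPurify.

const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'code', 'pre',
  'ul', 'ol', 'li', 'a', 'img', 'video', 'span']);
const ALLOWED_ATTRS = {
  a: ['href', 'title'],
  img: ['src', 'alt'],
  video: ['src', 'controls'],
  span: ['class'],   // allowing the attribute is not enough: its value is checked too
};
const SAFE_CLASS = /^[a-z][a-z0-9-]{0,31}$/;          // one short class name, nothing else
const SAFE_SCHEMES = ['http', 'https', 'mailto'];

// Electron BrowserWindow webPreferences that turn a renderer XSS from RCE
// into a UI bug: no Node in the page, isolated preload world, OS sandbox.
// (Assumed configuration; the CVE text does not say how the apps were set up.)
const HARDENED_WEB_PREFERENCES = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// Entity-encode text. keepEntities leaves already-encoded entities (&amp;)
// alone, which is what we want for text the Markdown renderer produced;
// untrusted plain text such as a proxy name is encoded strictly.
function escapeHtml(s, keepEntities = false) {
  const amp = keepEntities ? /&(?!(?:[a-zA-Z]+|#\d+|#x[0-9a-fA-F]+);)/g : /&/g;
  return String(s)
    .replace(amp, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// A URL is safe if it is relative or uses an allowlisted scheme. Numeric
// entities and control characters are resolved first, because the browser
// resolves them before it looks for a scheme (java&#115;cript: is javascript:).
function safeUrl(value) {
  const decoded = value
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCode(parseInt(d, 10)))
    .replace(/[\u0000-\u0020]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  return !scheme || SAFE_SCHEMES.includes(scheme[1].toLowerCase());
}

// Rebuild the attribute list from scratch, keeping only allowlisted names
// with acceptable values; every on* handler is dropped because none is listed.
function filterAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || [];
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = '';
  let m;
  while ((m = attrRe.exec(rawAttrs)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    if (!allowed.includes(name)) continue;
    if ((name === 'href' || name === 'src') && !safeUrl(value)) continue;
    if (name === 'class' && !SAFE_CLASS.test(value)) continue;
    out += ` ${name}="${escapeHtml(value, true)}"`;
  }
  return out;
}

// Walk the markup: text between tags is re-encoded, unknown tags are removed
// (their text content stays, encoded, so nothing inside can run), known tags
// are re-emitted with a filtered attribute list.
function sanitizeHtml(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index), true);
    last = tagRe.lastIndex;
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;
    out += m[1] ? `</${name}>` : `<${name}${filterAttrs(name, m[3])}>`;
  }
  return out + escapeHtml(html.slice(last), true);
}

// Constructed inputs: the Leanote payload is quoted from the CVE text; the
// proxy-name payload stands in for a crafted Clash proxy name.
const LEANOTE_PAYLOAD = "<video src=x onerror=(function(){require('child_process').exec('calc');})();>";
const PROXY_NAME = '<img src=x onerror=alert(1)>';

console.log(sanitizeHtml(LEANOTE_PAYLOAD));                               // <video src="x">
console.log(sanitizeHtml('<span class="x onload" onclick="1">hi</span>')); // <span>hi</span>
console.log(escapeHtml(PROXY_NAME));                                      // &lt;img src=x onerror=alert(1)&gt;
```

The two defenses are independent: the sanitizer removes the onerror handler before the markup reaches the DOM, and the webPreferences shown make sure that a handler which slips through has no require() to call, so the worst case is script in the page rather than a child process on the host.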

CVE-2021-40906: Infrastructure & Application Monitoring with Checkmk

Checkmk Raw Edition (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that sits in an unauthenticated zone. The resulting reflected XSS lets an attacker run attacker-supplied HTML and client-side script (JavaScript or similar) in the browser of a user who follows a crafted link, or steal the session cookies of a user who has previously authenticated. Exploitation only requires that the web service resource be reachable without authentication.
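The Spotweb entry above (a login page echoing data[performredirect]) and the Checkmk entry (an unauthenticated endpoint reflecting a parameter) are the same reflected-XSS pattern: a request parameter copied into the response without encoding, exploitable by anyone who can get a logged-in user to open a link. The following is an added example written for this page, not Spotweb or Checkmk code: a login page that reflects a redirect parameter, first in the vulnerable form and then hardened with validation plus attribute encoding. The parameter name data[performredirect] is taken from the CVE text; the markup, the function names and the attack query are assumptions.

```javascript
// Added example, not Spotweb or Checkmk code: a login page that reflects a
// redirect parameter into its markup, as the vulnerable pattern and hardened.
// The parameter name data[performredirect] comes from the CVE text; the page
// markup, function names and attack string are assumptions for the demo.
// URLSearchParams is a Node global (no imports needed).

const escapeHtml = (s) => String(s).replace(/[&<>"']/g,
  (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);

// Vulnerable: the raw parameter is pasted into an attribute value, so a
// double quote ends the attribute and the rest of the string becomes markup.
// No login is needed: the attacker only has to get a victim to follow the link.
function renderLoginVulnerable(queryString) {
  const q = new URLSearchParams(queryString);
  const redirect = q.get('data[performredirect]') || '';
  return '<form method="post" action="?page=login">' +
    `<input type="hidden" name="data[performredirect]" value="${redirect}">` +
    '<input name="username"><input name="password" type="password"></form>';
}

// Accept only a local absolute path: one leading slash (so no //host or
// /\host protocol-relative forms), printable ASCII, no scheme. Anything else
// falls back to the site root. This also closes the open-redirect variant.
function safeRedirectTarget(value, fallback = '/') {
  return typeof value === 'string' && /^\/(?![\/\\])[\x21-\x7e]*$/.test(value) ? value : fallback;
}

// Hardened: validate first, then encode for the HTML attribute context.
// Encoding alone would stop the XSS; validation additionally stops redirects
// off-site, which is why both steps are kept.
function renderLoginHardened(queryString) {
  const q = new URLSearchParams(queryString);
  const redirect = safeRedirectTarget(q.get('data[performredirect]'));
  return '<form method="post" action="?page=login">' +
    `<input type="hidden" name="data[performredirect]" value="${escapeHtml(redirect)}">` +
    '<input name="username"><input name="password" type="password"></form>';
}

// Constructed attack query: closes the value attribute and injects an element
// whose handler reads the session cookie, the impact the Checkmk text warns of.
const ATTACK_QUERY = 'data[performredirect]="><img src=x onerror=alert(document.cookie)>';
const MARKER = '<img src=x onerror=';

console.log(renderLoginVulnerable(ATTACK_QUERY).includes(MARKER));   // true
console.log(renderLoginHardened(ATTACK_QUERY).includes(MARKER));     // false
console.log(renderLoginHardened('data[performredirect]=//evil.invalid/')); // ... value="/" ...
```

Pair this with session cookies flagged HttpOnly so that a script which does run cannot read document.cookie, and with a Content-Security-Policy that disallows inline handlers; both reduce what a reflected payload can do if an encoding step is missed elsewhere.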

CVE-2022-26197: PoC A Stored Cross-Site Scripting (XSS) vulnerability in Joget DX 7 - Datalist table (CVE-2022-26197)

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.

CVE-2022-24643: OpenEMR 0-day Stored XSS Vulnerability (CVE-2022-24643) | Security for Everyone

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

CVE-2022-27920: Release 10.1.0 · Issue #728 · kiwix/libkiwix

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.

CVE-2022-25612: WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Multiple authenticated persistent cross-site scripting (XSS) vulnerabilities in the Simple Event Planner WordPress plugin <= 1.5.4 allow users with the Author role or higher to inject malicious code via the vulnerable parameters custom[event_organiser], custom[organiser_email] and custom[organiser_contact].

CVE-2022-25611: WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated stored cross-site scripting (XSS) in the Simple Event Planner plugin <= 1.5.4 allows users with the Contributor role or higher to inject a malicious script via the vulnerable parameter custom[add_seg][].
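The Joget, OpenEMR and Simple Event Planner entries are all stored XSS: a low-privilege user writes a value, and it is rendered later, unencoded, to other users. When an advisory lists several parameters, the practical question for a tester is which of an application's stored fields come back encoded and which do not. The following is an added example written for this page, not code from Joget, OpenEMR or the Simple Event Planner plugin: a canary probe that submits a distinct marker per field and classifies each as encoded, unencoded or absent on the rendered page. The field names are taken from the CVE text above; the toy application (which deliberately encodes only one of them) and everything else are assumptions made for the demo.

```javascript
// Added example, not code from Joget, OpenEMR or the Simple Event Planner
// plugin: a canary probe that tells, per stored field, whether the value is
// rendered encoded, unencoded, or not at all. The field names come from the
// CVE text; the toy application and all other details are assumptions.

const FIELDS = ['custom[event_organiser]', 'custom[organiser_email]',
  'custom[organiser_contact]', 'custom[add_seg][]'];

const escapeHtml = (s) => String(s).replace(/[&<>"']/g,
  (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);

// Toy stand-in for the vulnerable application: a low-privilege user submits
// the fields, anyone who views the event page gets them back. The bug is that
// only the e-mail field is encoded on output.
function makeToyApp() {
  const store = new Map();
  return {
    save(fields) {
      for (const [name, value] of Object.entries(fields)) store.set(name, value);
    },
    render() {
      return FIELDS.map((name) => {
        const value = store.get(name) ?? '';
        const shown = name === 'custom[organiser_email]' ? escapeHtml(value) : value;
        return `<dd data-field="${escapeHtml(name)}">${shown}</dd>`;
      }).join('\n');
    },
  };
}

// Per field, submit a unique marker that is harmless as text but distinctive
// as markup (an unknown element), then classify how it comes back. "absent"
// means the field is not on this page at all, or was filtered on save.
function probeStoredXss(app, fields) {
  const markers = Object.fromEntries(fields.map((name, i) => [name, `<canary${i}>`]));
  app.save(markers);
  const page = app.render();
  const result = {};
  for (const [name, marker] of Object.entries(markers)) {
    if (page.includes(marker)) result[name] = 'unencoded';
    else if (page.includes(escapeHtml(marker))) result[name] = 'encoded';
    else result[name] = 'absent';
  }
  return result;
}

console.log(probeStoredXss(makeToyApp(), FIELDS));
// { 'custom[event_organiser]': 'unencoded', 'custom[organiser_email]': 'encoded',
//   'custom[organiser_contact]': 'unencoded', 'custom[add_seg][]': 'unencoded' }
```

Against a real application the save() and render() calls become an authenticated form submission with the Author or Contributor account and a fetch of every page that displays the event, since a field may be encoded in one view and raw in another; an "absent" result is then a cue to look for other views before concluding the field is filtered.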