
Tag

#xss

CVE-2022-25575: Parking-management-systemXSS-/README.md at main · zangcc/Parking-management-systemXSS-

Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.

CVE-2021-39491: [SECURITY] - Stored Cross-site Scripting while deleting a scan engine in the Scan Engine deletion confirmation modal box! · Issue #460 · yogeshojha/rengine

A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box.

CVE-2022-0955: follow up to https://github.com/pimcore/data-hub/pull/462 · pimcore/data-hub@15d5b57

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.

CVE-2021-43659: Arbitrary file upload in the backend could cause a stored XSS vulnerability. · Issue #1522 · halo-dev/halo

In halo 1.4.14, the avatar upload function accepts any file; uploading an HTML file, for example, causes a stored XSS vulnerability.

CVE-2022-0145: Fix xss though the description in the info.xml file of a theme or module · forkcms/forkcms@981730f

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.

CVE-2022-0750: Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file, which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14.

CVE-2022-25609: WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with a contributor or higher user role to inject malicious code.

CVE-2022-25221: Money Transfer Management System 1.0 - DOM-Based XSS | Fluid Attacks

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code.

CVE-2022-0889: Vulnerability Advisories - Wordfence

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file, which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12.