Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2021-42856: Aternity Customer Success

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.

CVE
#xss#vulnerability
CVE-2021-33851: 2021-33851 - Stored Cross-Site Scripting in WordPress Customize Login Image

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user opens the login page of the WordPress application.

CVE-2021-33852: CVE-2021-33852 - Stored Cross-Site Scripting in WordPress [Post Duplicator Plugin

A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. The application targets your application’s users and not the application itself, but it uses your application as the vehicle for the attack. The XSS payload executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.

CVE-2021-32005: Cybersecurity Advisory - Secomea

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.

CVE-2022-0906: Unrestricted file upload leads to stored XSS in microweber

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.

RHSA-2022:0055: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2014-3577: Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix * CVE-2021-21684: jenkins-2-plugins/git: stored XSS vulnerability * CVE-2021-4...

CVE-2022-24349: [ZBX-20680] Reflected XSSes in Zabbix Frontend (CVE-2022-24349, CVE-2022-24917, CVE-2022-24918, CVE-2022-24919)

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.

CVE-2022-22511: VDE-2022-004 | CERT@VDE

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

CVE-2022-0877: Updated CSP with frame-src rules · BookStackApp/BookStack@856fca8

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.

CVE-2021-44478

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.