Tag

#xss

CVE-2021-37504

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.

CVE-2022-24329: JetBrains Security Bulletin Q4 2021 | Company Blog

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CVE-2022-24347: JetBrains Security Bulletin Q4 2021 | JetBrains News

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon.

CVE-2022-24612: /!\Security · Issue #114 · EyesOfNetworkCommunity/eonweb

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.

CVE-2022-24948

A carefully crafted user preferences submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.

CVE-2021-45229

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.

CVE-2021-34361: XSS Vulnerabilities in Proxy Server - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later

CVE-2022-24709: Build software better, together

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for JavaScript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.

CVE-2022-25307: WordPress Plugin WP Statistics >= 13.1.5 - Unauthenticated Stored Cross-Site Scripting in platform

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to and including 13.1.5.

CVE-2022-0710: Reflected XSS in Header Footer Code Manager

The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.