Tag

#xss

CVE-2022-24582: CVE-nu11secur1ty/vendors/oretnom23/2022/Accounting-Journal-Management at main · nu11secur1ty/CVE-nu11secur1ty

Accounting Journal Management 1.0 is vulnerable to XSS-based PHPSESSID hijacking. The manage_user parameter in User lists is vulnerable to stored XSS and PHPSESSID attacks. A malicious user can attack the system by reusing a session they already hold, from inside or outside the network.

CVE-2021-43724: this is Cross Site Scripting (XSS) · Issue #890 · intelliants/subrion

A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin account via an SVG file.

CVE-2022-24620: Piwigo-12.2.0 Vulnerable For Stored XSS Which Is Leading To Privilege Escalation · Issue #1605 · Piwigo/Piwigo

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation: an admin can steal the webmaster's cookies to gain the webmaster's access.

CVE-2021-44607: A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 · Issue #589 · daylightstudio/FUEL-CMS

A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.

CVE-2021-44608: 'Multiple' Cross-Site Scripting (XSS) (Authenticated) · Issue #12 · alexlang24/bloofoxCMS

Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.

CVE-2021-43943: [JSDSERVER-10980] Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.

CVE-2021-26092: Fortiguard

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

CVE-2022-0719: Update UrlManager.php · microweber/microweber@a5925f7

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

CVE-2022-24564: Persistent XSS in Custom User Attributes

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which is triggered when a user is edited.

CVE-2021-26256: Survey Maker

Unauthenticated stored Cross-Site Scripting (XSS) vulnerability discovered in the Survey Maker WordPress plugin (versions <= 2.0.6).