CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

【Vulnerability Description】  
There is a Cross Site Scripting attack (XSS) vulnerability in the full version of JavaQuarkBBS. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module.

【Vulnerability Type】  
Cross Site Scripting (XSS)

【Affected Version】  
<=v2

【Vulnerability Verification】  
Find the Background Label Management module, select the new location and enter  
`<script>alert(“标签管理名称”)<script>`  
![1](https://user-images.githubusercontent.com/89822929/147525408-b64baffd-be6e-4478-a634-86d94e43b2c3.jpg)

`<script>alert(“标签详情”)<script>`  
![2](https://user-images.githubusercontent.com/89822929/147525485-f1ae4da8-8756-4125-b86f-8b42874b8a10.jpg)

【Repair Suggestions】  
Strict filtering of user input data

Headline

CVE-2021-46030: There are two stored XSS in JavaQuarkBBS · Issue #23 · ChinaLHR/JavaQuarkBBS

CVE: Latest News