CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

Discovered by Edward Prior on behalf of The Missing Link Security

**Vulnerability Details**

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the user profile data fields. Which could be leveraged to escalate privileges within and compromise any account that views their user profile.

**Affected Versions**

Discovered in: 19.0

**Fixed Versions**

Fixed In: 19.0 minor release

Headline

CVE-2022-40288: Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality.

CVE: Latest News