Security

Tag

#git

CVE-2023-47094: Virtualmin-7.7/CVE-2023-47094 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Account Plans tab of System Settings via the Plan Name field. Whenever the module is accessed, the XSS payload is executed.

CVE-2023-47098: Virtualmin-7.7/CVE-2023-47098 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripting (XSS) vulnerability exists in the Create Extra Administrator tab via the "Real name or description" field.

CVE-2023-47099: Virtualmin-7.7/CVE-2023-47099 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Create Virtual Server functionality allows XSS attacks against anyone who accesses the Virtual Server Summary tab.

CVE-2023-47095: Virtualmin-7.7/CVE-2023-47095 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Custom Fields feature of Edit Virtual Server under System Customization allows XSS.

CVE-2023-47097: Virtualmin-7.7/CVE-2023-47097 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Server Templates feature under System Settings allows XSS.

CVE-2023-47096: Virtualmin-7.7/CVE-2023-47096 at main · pavanughade43/Virtualmin-7.7

An issue was discovered in Virtualmin 7.7. The Cloudmin Services Client under System Settings allows XSS.

CVE-2023-39695: Vulns/Insufficient Session Expiration - Elenos.md at 35fe4fb3d5945b5df2a87aab0cf9ec6137bcf976 · strik3r0x1/Vulns

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.

CVE-2023-37833: Vulns/BAC leads to access Traps configurations.md at main · strik3r0x1/Vulns

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are accessible only to privileged users.

CVE-2023-46378: Minicms1.1.1 Exists storage xss

Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via a crafted string appended to /mc-admin/conf.php.

GHSA-jg7w-cxjv-98c2: `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed in github.com/authzed/spicedb

When the provided datastore URI is malformed (e.g. by having a password which contains `:`), the full URI (including the provided password) is printed, so that the password is shown in the logs. Example output:

```
terminated with errors error="unable to create migration driver for postgres: parse \"postgres://spicedb:<PASSWORD IN PLAINTEXT>": invalid port \"<PASSWORD IN PLAINTEXT>\" after host"
```