#xss

A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.

Candy Redis version 2.1.2 appears to suffer from an administrative page disclosure issue.

Agop CMS version 1.0 suffers from an insecure direct object reference vulnerability.