Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-g5hp-328h-jj98: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

ghsa
Open in Source
#xss#vulnerability#git#php
GHSA-7q5f-29gx-57ff: Cross-site Scripting (XSS) in microweber/microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

GHSA-j4vj-w5rj-8grw: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-46040: GetSimplecms exists to store xss

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.

CVE-2023-5861: update · microweber/microweber@6ed7ebf

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-5867

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-5864: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@b3e5a05

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

CVE-2023-5863

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

CVE-2023-43797: Merge pull request from GHSA-v6wg-q866-h73x · bigbluebutton/bigbluebutton@304bc85

BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds.

CVE-2023-45671: Reflected XSS through `/<camera_name>` API endpoints (GHSL-2023-195)

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javasc...