Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-5903: STORED XSS in Journal-> Sections in pkp-lib

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE
Open in Source
#xss#vulnerability#web#google#git#auth
CVE-2023-5904: Stored xss using journal-name in journal-tab in pkp-lib

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-5901: Cross-Site Scripting ( XSS) Via file upload in pkp-lib

Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVE-2023-45556

Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

CVE-2023-4810: What is stored XSS (cross-site scripting)? Tutorial & Examples | Web Security Academy

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2023-5771: Proofpoint Enterprise Protection Cross-Site-Scripting in AdminUI via Email Subject Vulnerability | Proofpoint US

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.

CVE-2023-5605

The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2023-5530

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue

CVE-2023-5354

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-5228

The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).