Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-43356: GitHub - sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafte

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.

CVE
Open in Source
#xss#vulnerability#web#git#java#auth
GHSA-pqgm-9g82-wcm7: modoboa Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

GHSA-9wj3-cfq8-wpvj: modoboa Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-5688: DOM XSS in https://demo.modoboa.org/user/#profile/ in modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-5689: Merge pull request #3095 from modoboa/fix/xss_profile_form · modoboa/modoboa@d33d3cd

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-3965: nsc <= 1.0 - Prototype Pollution to Reflected Cross-Site Scripting — Wordfence Intelligence

The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-3933: GitHub - BlackFan/client-side-prototype-pollution: Prototype Pollution and useful Script Gadgets

The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-3962: Winters <= 1.4.3 - Prototype Pollution to Reflected Cross-Site Scripting — Wordfence Intelligence

The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-46287: Comparing nagvis-1.9.37...nagvis-1.9.38 · NagVis/nagvis

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

CVE-2023-5618: Changeset 2980695 for modern-footnotes – WordPress Plugin Repository

The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.