Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-32091: WordPress POEditor plugin <= 0.9.4 - Cross Site Request Forgery (CSRF) to stored XSS vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

CVE
Open in Source
#xss#csrf#vulnerability#wordpress#auth
CVE-2023-32671: Multiple Vulnerabilities Budyboss | INCIBE-CERT

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

CVE-2023-32792: Multiple Vulnerabilities Nxlog Manager | INCIBE-CERT

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

CVE-2023-5351: SuiteCRM 7.14.1 Release · salesagility/SuiteCRM@c43eaa3

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.

API Security Trends 2023 – Have Organizations Improved their Security Posture?

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications. However, this increased reliance on

CVE-2023-4097: Multiple Vulnerabilities Idm Sistemas Qsige | INCIBE-CERT

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.

CVE-2023-5334: WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-44012: Vulnerability-Disclosures/2023/CVE-2023-44012 at main · Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.

CVE-2023-43267: CVE-2023-43267

A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.

CVE-2023-41580: GitHub - ehtec/phpipam-exploit

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.