Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-w3qm-93vf-5hrw: Cockpit Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. For any role that has permission to execute function assets, an attacker can upload a html file and that leads to XSS.

ghsa
Open in Source
#xss#vulnerability#git
CVE-2023-4196: Prevent uploading .phps + .html files in assets manager · Cockpit-HQ/Cockpit@039a00c

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

CVE-2023-37581

Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature.?

CVE-2023-4175

A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.

CVE-2023-4174

A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.

CVE-2023-4173

A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.

CVE-2023-32600: WordPress Rank Math SEO plugin <= 1.0.119 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.

CVE-2023-37874: WordPress HTTP Headers plugin <= 1.18.11 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.

CVE-2023-37873: WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

CVE-2023-36678: WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.