
Tag

#xss

GHSA-3vf5-xm2p-6mh5: Cockpit Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit 2.6.2 and prior. A patch is available at commit 34ab31ee9362da51b9709e178469dbffd7717249.

CVE-2023-4321: prevent xhtml files from being uploaded in the assets manager · Cockpit-HQ/Cockpit@34ab31e

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

CVE-2023-23208: Documentation:RN:gax90rn:gax9010515:9.0.x - Genesys Documentation

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

MoustachedBouncer Hackers Caught Spying on Embassies

By Deeba Ahmed. MoustachedBouncer is a Belarusian government-backed hacking group that has been active since 2014. This is a post from HackRead.com.

GHSA-cx3j-qqxj-9597: Critters Cross-site Scripting Vulnerability

### Impact

Critters versions 0.0.17-0.0.19 have an issue when parsing HTML that leads to a potential [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) bug.

### Patches

The bug has been fixed in `v0.0.20`.

### Workarounds

Upgrading Critters to version `>0.0.20` is the easiest fix. This is a non-breaking version upgrade, so we recommend that all users use `v0.0.20`.

GHSA-4847-gqxx-v9xp: ThinkCMF Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in `UserController.php` in ThinkCMF version 5.1.5 allows attackers to execute arbitrary code via a crafted `user_login`.

GHSA-jfrf-vv54-j2jg: Margox Braft-Editor Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8 allows remote attackers to execute arbitrary code via the embed media feature.

GHSA-rvjp-j5j4-c9j5: Gila CMS Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in the `adm_user` parameter in Gila CMS version 1.11.3 allows remote attackers to execute arbitrary code during the Gila CMS installation.

CVE-2021-26505: Prototype Pollution in hello.js · Issue #634 · MrSwitch/hello.js

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the `hello.utils.extend` function.

CVE-2020-28849: Cross Site Scripting Vulnerability leading to Remote File Inclusion · Issue #5477 · ChurchCRM/CRM

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field in the View All Deposit module.