Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-30256: Open Source and Free Hotel Booking Management Software | QloApps

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.

CVE
Open in Source
#xss#vulnerability#web#google#amazon#php#aws#auth#ssl
CVE-2023-2490: WordPress UserAgent-Spy plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions.

GHSA-m6m9-gr85-79vm: Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch ### References https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6/

GHSA-q7cc-m6jw-m262: Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patches manually https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f.patch ### References https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a/

CVE-2023-32070: XRENDERING-663: Restrict allowed attributes in HTML rendering · xwiki/xwiki-rendering@c40e2f5

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.

CVE-2023-0007: CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.

CVE-2023-2630: fixed sql injection in translation api (#14952) · pimcore/pimcore@7e32cc2

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

VOTAB Voting Quiz PHP Script 1.0 Cross Site Scripting

VOTAB Voting Quiz PHP Script version 1.0 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2023-2111-01

Red Hat Security Advisory 2023-2111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.16.

CVE-2022-47600: WordPress Mass Email To users plugin <= 1.1.4 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions.