Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

WordPress Beautiful Cookie Consent Banner 2.10.1 Cross Site Scripting

WordPress Beautiful Cookie Consent Banner versions 2.10.1 and below suffer from an unauthenticated persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#js#java#wordpress#intel#php#auth
CVE-2022-45366: WordPress Slimstat Analytics plugin <= 5.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.

GHSA-qvq8-cw7f-m7m4: Apache JSPWiki vulnerable to cross-site scripting on several plugins

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

CVE-2022-46907

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

CVE-2023-33829

A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.

CVE-2022-42225: Multiple XSS

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission.

CVE-2023-33789: Stored Cross Site Scripting Vulnerability in "Create Contact Groups" function in Netbox 3.5.1 · Issue #7 · anhdq201/netbox

A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

CVE-2023-33790: Stored Cross Site Scripting Vulnerability in "Create Locations" function in Netbox 3.5.1 · Issue #9 · anhdq201/netbox

A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

CVE-2023-33787: Stored Cross Site Scripting Vulnerability in "Create Tenant Groups" function in Netbox 3.5.1 · Issue #6 · anhdq201/netbox

A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.