Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-30210: OURPHP <=v7.2.0 ourphp_tz.php Reflection xss

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.

CVE
Open in Source
#xss#vulnerability#web#php
CVE-2022-27979: security-advisories/20220321-tooljet-xss.md at main · fourcube/security-advisories

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.

GHSA-wqm8-jx8r-8rcq: Cross-site scripting vulnerabilities in old version of bundled TinyMCE

An old version of TinyMCE include an XSS vulnerability, which was patched in a later version. This was described by TinyMCE: > A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower and TinyMCE 5.4.0 or lower. We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS. Reported by: Developers at ACC

GHSA-4wfq-jc9h-vpcx: Lack of domain validation in Druple core

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. Drupal 7 core does not include the Media module and therefore is not affected.

qdPM 9.1 Cross Site Scripting

qdPM version 9.1 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Mehmet Emiroglu in 2019.

Red Hat Security Advisory 2023-1953-01

Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-1866-01

Red Hat Security Advisory 2023-1866-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.58. Issues addressed include a cross site scripting vulnerability.

PHP Restaurants 1.0 SQL Injection / Cross Site Scripting

PHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.

CVE-2022-25276: Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.

CVE-2023-30267: HuBenVulList/CLTPHP6.0 Reflected cross-site scripting(XSS).md at main · HuBenLab/HuBenVulList

CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.