
Tag

#xss

GHSA-622w-995c-3c3h: Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

### Impact

A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment.

### Patches

The vulnerability has been fixed in version 23.03.

If you have any questions or comments about this advisory:

* Email us at [support@intranda.com](mailto:support@intranda.com)

GHSA-2r9r-8fcg-m38g: Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames

### Impact

A cross-site scripting vulnerability has been identified in Goobi viewer core when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in their execution in the user's browser when the nickname is displayed on certain pages.

### Patches

The vulnerability has been fixed in version 23.03.

If you have any questions or comments about this advisory:

* Email us at [support@intranda.com](mailto:support@intranda.com)

CVE-2023-29388: WordPress Product Catalog Simple plugin <= 1.6.17 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.

CVE-2023-29171: WordPress Magic Post Thumbnail plugin <= 4.1.10 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.

CVE-2023-29170: WordPress Product Enquiry for WooCommerce plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.

CVE-2023-28789: WordPress Contact Forms by Cimatti plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.

CVE-2023-28781: WordPress Contact Forms by Cimatti plugin <= 1.5.4 - Unauth. Stored Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.

CVE-2023-28792: WordPress Continuous Image Carousel With Lightbox plugin <= 1.0.15 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

CVE-2023-27620: WordPress Robo Gallery plugin <= 3.2.12 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.