Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-47603: WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2022-47610: WordPress Simple Image Popup plugin <= 1.3.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr Digital Simple Image Popup plugin <= 1.3.6 versions.

CVE-2022-47607: WordPress Usersnap plugin <= 4.16 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Usersnap plugin <= 4.16 versions.

GHSA-7j98-h7fp-4vwj: smarty Cross-site Scripting vulnerability in Javascript escaping

### Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. ### Patches Please upgrade to the most recent version of Smarty v3 or v4. ### For more information If you have any questions or comments about this advisory please open an issue in [the Smarty repo](https://github.com/smarty-php/smarty)

GHSA-rp78-4562-gx3c: pimcore is vulnerable to cross-site scripting in translate module

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-3r5c-h7g6-cqw7: pimcore is vulnerable to cross-site scripting in classes module

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-69fc-v223-6rjw: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-6mmf-qm37-pmgg: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE-2022-47596: WordPress Media Library Categories plugin <= 1.9.9 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.

CVE-2023-26292: Forcepoint Customer Hub

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.