Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-1704

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE
Open in Source
#xss#git
CVE-2023-1702: Security fix in Predefined section (#14721) · pimcore/pimcore@2b99773

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE-2023-1701

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE-2023-1703: [Task] Optimized composite index key (#14636) · pimcore/pimcore@765832f

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE-2023-1575: Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting — Wordfence Intelligence

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE-2023-26982: Trudesk Cloud - Free cloud & open-source help desk + CRM

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.

CVE-2022-47444: WordPress Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content – ProfilePress plugin <= 4.5.3 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.

CVE-2022-47433: WordPress Multi Rating plugin <= 5.0.5 - Cross Site Scripting (XSS) - Patchstack

Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.

CVE-2022-47438: WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Cross Site Scripting (XSS) - Patchstack

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.

CVE-2023-28158

Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.