Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#google#git#java#wordpress#auth
Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice USN-5899-1

Ubuntu Security Notice 5899-1 - It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting attacks.

Red Hat Security Advisory 2023-0970-01

Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.

CVE-2023-25807: Merge pull request #4596 from dataease/pr@dev@refactor_xss-attack · dataease/dataease@cc94fb8

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3.

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses

Armed with personal data fragments, a researcher could also access 185 million citizens’ PII

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Application Security vs. API Security: What is the difference?

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves

GHSA-c2rc-8m9f-g4fh: Microweber Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber 1.3.2 and prior. A patch is available and anticipated to be part of version 1.3.3.

CVE-2023-1081: fix of #990 · microweber/microweber@29d4184

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.