Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2023-0470

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

CVE
Open in Source
#xss#git
CVE-2023-0488

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.

GHSA-4jqw-vfmj-9rmh: Cross-site Scripting in yapi-vendor

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

GHSA-j8x7-qcw4-xx85: Cross-site Scripting (XSS) in serve-lite

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

CVE-2022-47052: NETGEAR/CVE-2022-47052 at main · dest-3/NETGEAR

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.

CVE-2023-0513: 存在存储型xss及未授权访问漏洞 · Issue #I68UYM · 王俊南/Dreamer CMS(梦想家CMS内容管理系统) - Gitee.com

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.

CVE-2023-22468: Stored XSS in local oneboxes

Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse.

CVE-2023-22971: Zero Science Lab » Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.

CVE-2023-23949: Support Content Notification - Support Portal - Broadcom support portal

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

CVE-2022-46128: CVE/2022-46128 at main · Rajeshwar40/CVE

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.