Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-47197: TALOS-2022-1686 || Cisco Talos Intelligence Group

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this vulnerability, an attacker can send an HTTP request to inject Javascript in a post to trick an administrator into visiting the post.A stored XSS vulnerability exists in the `codeinjection_foot` for a post.

CVE
Open in Source
#xss#vulnerability#web#mac#cisco#js#java#intel#auth#firefox
CVE-2022-40697: WordPress 3com – Asesor de Cookies plugin <= 3.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions.

The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows

The report highlights concerning security stats following two years of extreme tech growth.

CVE-2022-47105: jeecg-boot3.4.4 存在sql注入漏洞 · Issue #4393 · jeecgboot/jeecg-boot

Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.

SLIMS 9.5.2 Cross Site Scripting

SLIMS version 9.5.2 suffers from a cross site scripting vulnerability.

CVE-2022-4892

A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.

CVE-2022-4235: RushBet 2022.23.1-b490616d - Universal XSS | Advisories | Fluid Attacks

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives.

CVE-2022-45922: Multiple post-authentication vulnerabilities including RCE (OpenText™ Extended ECM)

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

CVE-2023-22594: IBM Robotic Process Automation is vulnerable to Cross-Site Scripting.

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.