Security Headlines

Tag: #xss

GHSA-fpjc-cxr6-w6h8: usememos/memos vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0112: chore: add skipper for secure (#913) · usememos/memos@46c13a4

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0106

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2023-0107

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.

CVE-2022-39072: Security Bulletin Details

There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.

CVE-2022-44870: CVE-2022-44870/README.md at main · Cedric1314/CVE-2022-44870

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

GHSA-x347-fc9w-w7c3: Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API.

CVE-2021-32828: nuxeo/OAuth2Callback.java at master · nuxeo/nuxeo

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API.

CVE-2023-22455: SECURITY: escape quotes in tag description when rendering (#19730) · discourse/discourse@6923298

Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse's default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch.

CVE-2023-22454: XSS through pending post titles descriptions

Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting enabled. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse's default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.