#xss

Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within

Video conferencing platform fixes cross-site scripting vulnerability

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Microweber versions 1.3.1 and prior are vulnerable to stored Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches.

Categories: News Tags: lego Tags: bricklink Tags: cross site scripting Tags: bug Tags: flaw We take a look at how Lego's Bricklink service was potentially vulnerable to certain types of XSS attack. (Read more...) The post Lego's Bricklink steps on cross site scripting blocks appeared first on Malwarebytes Labs.

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component.

A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.

collective.contact.widget is an add-on is part of the collective.contact.* suite. A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.