Security Headlines

Tag: #xss
Password theft bug chain patched in Passwordstate credential manager

Flaws could be combined to grab passwords in cleartext

Source: PortSwigger
Tags: #xss #vulnerability #ios #pdf #hard_coded_credentials #auth
Senayan Library Management System 9.2.2 Cross Site Scripting

Senayan Library Management System version 9.2.2 suffers from a cross site scripting vulnerability.

CVE-2022-44449: GitHub - zenphoto/zenphoto: The Zenphoto open-source gallery and CMS project

Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with administrative privileges to inject an arbitrary script.

GHSA-g662-qq45-ppwm: Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users

The package smoothie from 1.31.0 and before 1.36.1 is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.

CVE-2022-25929: Snyk Vulnerability Database | Snyk

The package smoothie from 1.31.0 and before 1.36.1 is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.

GHSA-3mmh-vq9w-4c3g: Microweber vulnerable to Reflected Cross-site Scripting

Microweber versions 1.3.1 and prior are vulnerable to Reflected Cross-site Scripting (XSS). A patch is available on the 1.4, dev, and laravel-sail branches.

CVE-2022-4617: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

GHSA-9p8j-hrgf-jc2g: Apache Zeppelin Cross-site Scripting vulnerability

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary JavaScript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.

CVE-2022-38391: Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM WebSphere Application Server Liberty and FasterXML jackson-databind

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.

CVE-2022-46771: IBM UrbanCode Deploy (UCD) cross-site scripting CVE-2022-46771 Vulnerability Report

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.