Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-4514

A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability.

CVE
#xss#vulnerability#php
CVE-2022-4513

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability.

CVE-2022-23474: GHSL-2022-028: Copy/paste cross-site scripting (XSS) in codex-team

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0.

CVE-2021-36572: Cross Site Scripting Vulnerability On Feehi CMS · Issue #58 · liufee/cms

Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.

CVE-2021-36573: Cross Site Scripting On Image Upload Via File Name · Issue #59 · liufee/cms

File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.

CVE-2020-21219: Prevent ACME output from being interpreted as HTML. Fixes #9888 · pfsense/FreeBSD-ports@a6f443c

Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

CVE-2021-39427: 188Jianzhan V 2.10 XSS vulnerability exists · Issue #4 · vtime-tech/188Jianzhan

Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.

CVE-2021-39428: There is a vulnerability in eyuCMS v1.5.4 could cause Cross site Scripting(XSS) · Issue #14 · weng-xianhu/eyoucms

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

CVE-2022-44235: VoIP simpliclty of Zed-3 is vulnerable to Cross Site Scripting (XSS) · Issue #1 · liong007/Zed-3

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS).

CVE-2022-45033: cve-request/cve-poc-payload at main · cyb3r-n3rd/cve-request

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.