
Tag

#xss

CVE-2022-44361: ZZCMS2022 has a xss · Issue #1 · cri1stur/ZZcms

An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

Scammers Are Scamming Other Scammers Out of Millions of Dollars

On cybercrime forums, user complaints about being duped may accidentally expose their real identities.

CVE-2022-45217: CVE-2022-45217/CVE-2022-45217 at main · sudoninja-noob/CVE-2022-45217

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.

GHSA-vxwf-79ch-f7f7: baserCMS vulnerable to stored Cross-site Scripting

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

GHSA-7w2v-35j3-xrm9: baserCMS vulnerable to stored Cross-site Scripting

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-45122: MovableType.org – News: Movable Type 7 r.5401 (v7.9.6), v6.8.8: Security update

Cross-site scripting vulnerability in Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

CVE-2022-37406: RICOH Aficio SP 4210N vulnerable to cross-site scripting

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-42486: 2022/11/24 Multiple cross-site scripting vulnerabilities in baserCMS

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-45008: bug_report/XSS-1.md at main · realguoxiufeng/bug_report

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Create New module.

CVE-2022-44153: Nitro Team Researches

Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).