Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

Drupal H5P Module 2.0.0 Zip Slip Traversal

Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.

Packet Storm
Open in Source
#xss#vulnerability#windows
CVE-2022-43487: Salon Booking System

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.

CVE-2022-43499: JVN#86350682: Multiple vulnerabilities in SHIRASAGI

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVE-2022-43504: WordPress 6.0.3 Security Release

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.

CVE-2022-41830: 京セラ製複合機・プリンターのセキュリティー脆弱性について | 京セラドキュメントソリューションズ

Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

CVE-2022-46391: fix cross site scripting by rekter0 · Pull Request #226 · eldy/AWStats

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

CVE-2022-4279: bug-report/sourcecodester/oretnom23/hrm/employee-view-xss at main · leecybersec/bug-report

A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.

GHSA-qv6c-367r-3w6q: XBlock vulnerable to Cross-Site Scripting (XSS)

### Impact XSS Vulnerability in multiple XBlock Fields. Any platform that has deployed the XBlock will be impacted. ### Patches https://github.com/openedx/xblock-drag-and-drop-v2/commit/53c4482f9bb6d8c7ccdf5253bd82c84a222b2492 The fix is compatible with all Open edX releases newer than Lilac. ### Workarounds None. ### References https://github.com/openedx/xblock-drag-and-drop-v2/pull/295#issuecomment-1277693864