Tag

#xss

CVE-2022-44948: Stored Cross Site Scripting Vulnerability on "Entities groups" in rukovoditel 3.2.1 · Issue #8 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".

CVE-2022-44947: Stored Cross Site Scripting Vulnerability on "Highlight row" in rukovoditel 3.2.1 · Issue #13 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".

CVE-2022-44946: Stored Cross Site Scripting Vulnerability on "Help system" in "Add page" function in rukovoditel 3.2.1 · Issue #15 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

CVE-2022-44944: Stored Cross Site Scripting Vulnerability on "Help system" in "Add announcement" function in rukovoditel 3.2.1 · Issue #14 · anhdq201/rukovoditel

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.

CVE-2022-4271

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.

IBM Websphere Application Server 7.0 Cross Site Scripting

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

CVE-2022-45215: Book Store Management System Project using PHP CodeIgniter 3 Free Source Code

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module.

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.

Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities

Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and