Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-42118: [LPE-17342] LSV-906: Reflected XSS with `tag` in Search

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.

CVE
Open in Source
#xss#vulnerability#web
CVE-2022-42111: [LPE-17379] LSV-936: Stored XSS with a shared asset name in notification

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.

CVE-2022-35613: CVE-ID: CVE-2022-35613

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).

CVE-2022-42110: [LPE-17403] LSV-959: Stored XSS with announcement/alert type

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

CVE-2022-34317: IBM CICS TX cross-site scripting CVE-2022-34317 Vulnerability Report

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

CVE-2022-44390: EyouCMS v1.5.9 has multiple vulnerabilities, stored cross-site scripting (XSS) · Issue #31 · weng-xianhu/eyoucms

A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.

CVE-2022-34315: IBM CICS TX Advanced is vulnerable to a cross-site scripting attack (CVE-2022-34315).

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.

CVE-2022-43693: Release 8.5.10 · concretecms/concretecms

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-3992

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.