Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an

The Hacker News
Open in Source
#xss#vulnerability#java#vmware#auth#The Hacker News
CVE-2022-43144: GitHub - mudassiruddin/CVE-2022-43144-Stored-XSS: PoC to exploit CVE-2022-43144

A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-33322: JVNVU#96767562: 三菱電機製家電製品における複数の脆弱性

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.

CVE-2022-27914: Joomla! Developer Network

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

CVE-2022-30545: WordPress 5 Anker Connect plugin <= 1.2.6 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.

CVE-2022-32776: WordPress Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

CVE-2022-41980: WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.

CVE-2022-44741: Testimonial Slider

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

CVE-2022-41136: WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.

CVE-2022-27858: Activity Log

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.