Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-43165: Stored Cross Site Scripting Vulnerability on "Global Variables" in rukovoditel 3.2.1 · Issue #5 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create".

CVE
Open in Source
#xss#vulnerability#web#php#auth
CVE-2022-43166: Stored Cross Site Scripting Vulnerability on "Entities List" in rukovoditel 3.2.1 · Issue #2 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity".

CVE-2022-43167: Stored Cross Site Scripting Vulnerability on "Users Alerts" in rukovoditel 3.2.1 · Issue #7 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add".

CVE-2022-43164: Stored Cross Site Scripting Vulnerability on "Global Lists" in rukovoditel 3.2.1 · Issue #4 · anhdq201/rukovoditel

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".

CVE-2022-3400: Vulnerability Advisories Continued - Wordfence

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.

CVE-2021-38728: SCSHOP/semcms-9.md at main · BigTiger2020/SCSHOP

SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.

CVE-2021-36858: WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.

CVE-2021-35388: Hospital-Management-System/xss.md at main · BigTiger2020/Hospital-Management-System

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability