Tag

#xss

CVE-2022-35721: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2022-35721)

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.

CVE-2022-40359

Cross-site scripting (XSS) vulnerability in kfm through 1.4.7 via a crafted GET request to /kfm/index.php.

GHSA-w9mf-83w3-fv49: Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles

A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all versions of Keycloak, including version 19.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality. Version 19.0.2 contains a patch for this issue.

Credits: Aytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM

CVE-2022-40215

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress.

CVE-2022-36417: 3D Tag Cloud

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.

CVE-2022-40672

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress.

CVE-2022-38460

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.

CVE-2022-37342

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress.

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross-site scripting vulnerability.