
Tag

#xss

CVE-2022-2383

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

CVE-2022-2375

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues.

CVE-2022-2932: Update dependencies 8/18/22 (#771) · bustle/mobiledoc-kit@f3fdaa5

Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.

CVE-2022-2890: Cross-site Scripting (XSS) - Stored in yetiforcecrm

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CVE-2022-1340: YetiForce CRM ver. 6.4.0 (#16359) · YetiForceCompany/YetiForceCRM@2c14baa

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CVE-2022-36251: bug_report/XSS-1.md at main · ZhenKaiHe/bug_report

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.

GHSA-rjvc-mf7r-ch7r: Cross site scripting in yetiforce/yetiforce-crm

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

CVE-2022-2885

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

GHSA-qwp3-5fw3-5wgv: Incorrect Access Control and Cross Site Scripting in Jellyfin

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to perform a cross-site scripting attack.

CVE-2022-35554: Reflected XSS in SmartVista Cardgen version 3.28.0 (CVE-2022-35554)

Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side.