Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2016-2138: Block XSS in wget commands (file links) · ikoniaris/kippo-graph@e6587ec

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CVE
Open in Source
#xss#vulnerability#php
CVE-2022-35882: WordPress GS Testimonial Slider plugin <= 1.9.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.

CVE-2022-1948

An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.

Loan Management System 1.0 Cross Site Scripting

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Automated dynamic application security testing with RapiDAST and cross-team collaboration

Red Hat Product Security has been developing RapiDAST, a tool that can be used for security testing of products and services. DAST stands for dynamic application (or analysis) security testing. In this article, we introduce the tool and ideas that can help you with applying DAST into your software development life cycle.

CVE-2022-36985: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

CVE-2022-36984: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.

CVE-2022-36997: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.

CVE-2022-36996: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.

CVE-2022-36999: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.