Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-27168: GitHub - litecart/litecart: LiteCart is a superfast e-commerce platform. Free for everyone to use. Built with the obession of lightweight using PHP, jQuery HTML 5 and CSS 3.

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVE
Open in Source
#sql#xss#vulnerability#web#mac#apache#git#java#php
CVE-2022-27910: DOCman - Changelog

In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function

GHSA-gmh3-x5w7-jg5m: Cross-site Scripting in Microweber

Prior to Microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

CVE-2022-2353: update · microweber/microweber@79c6914

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

CVE-2022-22370: Security Bulletin: A Cross Site Scripting vulnerability was fixed in the IBM Security Verify Access Product.

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.

CVE-2022-34166: IBM CICS TX Standard is vulnerable to cross-site scripting (CVE-2022-34166)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430.

CVE-2022-34167: IBM CICS TX Standard is vulnerable to a stored cross-site scripting attack (CVE-2022-34167)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432.

CVE-2022-34306: IBM CICS TX HTML injection CVE-2022-34306 Vulnerability Report

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435.

CVE-2022-28624

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.