Tag

#xss

CVE-2022-30874: GitHub - nukeviet/nukeviet: NukeViet CMS is multi Content Management System. NukeViet CMS is the 1st open source content management system in Vietnam. NukeViet was awarded the Vietnam Talent 2011, the

There is a stored cross-site scripting (XSS) vulnerability in NukeViet CMS before 4.5.02.

CVE-2022-25585: Stored XSS exists · Issue #5 · union-home/unioncms

Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings.

CVE-2022-33119: nuuo-xss/README.md at main · badboycxcc/nuuo-xss

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.

CVE-2022-31373: GitHub - badboycxcc/SolarView_Compact_6.0_xss

SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.

CVE-2022-31302: There are four storage XSS vulnerabilities · Issue #1 · maccmspro/maccms8

maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.

CVE-2022-31303: XSS vulnerability exists in the backend server group · Issue #20 · maccmspro/maccms10

maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was...

CVE-2022-23074: Mend Vulnerability Database

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low-privileged attacker will obtain the victim's API key, which can lead to an admin's account takeover.

CVE-2022-23073: Mend Vulnerability Database

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low-privileged attacker will obtain the victim's API key, which can lead to an admin's account takeover.

CVE-2022-23072: Mend Vulnerability Database

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low-privileged attacker will obtain the victim's API key, which can lead to an admin's account takeover.