Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-29711: Fix Graylog XSS by murrant · Pull Request #13931 · librenms/librenms

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

CVE
Open in Source
#xss#vulnerability#web#git#php
CVE-2021-36866: Pricing Tables WordPress Plugin – Easy Pricing Tables

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30513: School Dormitory Management System in PHP/OOP Free Source Code

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125

CVE-2022-30514: GitHub - bigzooooz/CVE-2022-30514: School Dormitory Management System 1.0 - Reflected XSS

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

TrustPid is another worrying, imperfect attempt to replace tracking cookies

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies. The post TrustPid is another worrying, imperfect attempt to replace tracking cookies appeared first on Malwarebytes Labs.

GHSA-xjfw-5vv5-vjq2: Cross-site Scripting in Filter Stream Converter Application in XWiki Platform

### Impact We found a possible XSS vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. ### Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. ### Workarounds The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) and change the lines ``` <input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$request.get($descriptorId)#else$descriptor.defaultValue#end"/> #else <input type="text" id="$descriptorId" name="$descriptorId"#if($request.get($descriptorId))value="$request.get($descriptorId)"#end/> ``` into ``` <input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$escapetool.xml($request.get($descriptorId))#else$descriptor.defaultValue#end"/> #else <input type="text" id="$descrip...

Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.