Tag
#xss
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests for phishing, to steal cookies, to request private areas, or to lead to XSS...
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input `<script>alert(1)</script>` leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit has been disclosed to the public and may be used.
Attackers could use the flaw to steal credentials with no authentication required
Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. An attacker can execute malicious JS in the application.
FacturaScripts versions 2022.06 and prior are vulnerable to reflected cross-site scripting attacks. This vulnerability allows arbitrary JavaScript execution, which can be used to steal users' cookies, perform HTTP requests, get the content of `same origin` pages, etc. A fix is available on the `master` branch of the GitHub repository and anticipated to be part of version 2022.07.
Microweber is a drag and drop website builder and a powerful next generation CMS. Microweber versions 1.2.15 and prior are vulnerable to cross-site scripting. This could lead to injection of arbitrary JavaScript code, defacement of a page, or stealing cookies. A patch is available on the `master` branch of Microweber's GitHub repository.
Microweber prior to version 1.2.16 is vulnerable to cross-site scripting. This vulnerability allows an attacker to execute JavaScript as the victim.
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
SAP Web Dispatcher suffers from an HTTP request smuggling vulnerability.
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. An attacker can execute JavaScript as the victim.