Tag

#xss

CVE-2022-1682: We check the url parameter of the link to ensure that it is a valid c… · NeoRazorX/facturascripts@8e31d84

Reflected XSS using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. XSS can be used to steal a user's cookies, which leads to account takeover, or to perform any malicious activity in the victim's browser.

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30057

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.

CVE-2021-42648: Cross Site Scripting(XSS)vulnerability in code-server · Issue #4355 · coder/code-server

A cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0 that allows attackers to execute arbitrary code via a crafted URL.

CVE-2021-28290: XSS issue in Client Secrets and Api Resource Secrets · Issue #813 · skoruba/IdentityServer4.Admin

A cross-site scripting (XSS) vulnerability exists in Skoruba IdentityServer4.Admin before 2.0.0 via an unencoded value passed to the data-secret-value parameter.
