Tag

#xss

CVE-2021-22531

A bug exists in the input parameter of Access Manager that allows the supply of invalid characters to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0.

CVE-2022-28818: Adobe Security Bulletin

ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVE-2022-25172

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.

CVE-2022-28919: Possible XSS vulnerability · Issue #3651 · splitbrain/dokuwiki

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.

CVE-2022-28920: Possible XSS vulnerability · Issue #156 · MoeNetwork/Tieba-Cloud-Sign

Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.

Siemens SICAM P850 and SICAM P855

This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.

CVE-2022-28873: Security advisories | F-Secure

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit JavaScript window.open functionality in SAFE Browser, which could lead to address bar spoofing attacks.

CVE-2022-28872: Security advisories | F-Secure

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.