4774 matches found
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Testimonial Slider and Showcase" 2.2.6 Exploit Author: saitamang, yunaranyancat, amdsyad Vendor Homepage: wordpress Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6 Tested on: Cento...
Security Bulletin: The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional.
Summary App Connect Professional has addressed the following vulnerability reported in Apache Tomcat. This vulnerability is addressed in App Connect Professional v7.5.5.0; customers can migrate to this version without incurring any additional cost. Vulnerability Details CVEID: CVE-2022-34305...
WordPress Plugin Redirection for Contact Form 7 Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Redirection for Contact Form 7 prior to version 2.5.0, which stems from a...
IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability
IBM Spectrum Copy Data Management is an IBM product that modernizes, simplifies, and automates data center copy management processes. IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 contain a cross-site scripting vulnerability that stems from improper validation ...
CVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page whic...
CVE-2022-30237
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
GHSA-WC29-H54Q-Q8QX Formstone Vulnerable to Reflected XSS
Formstone =1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in...
eZ Publish Cross-site Scripting (XSS) vulnerability
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...
GHSA-M98Q-P5GQ-Q5FF eZ Publish Cross-site Scripting (XSS) vulnerability
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12.0 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials...
Ignite Realtime Openfire vulnerable to cross-site scripting
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
CVE-2022-28214
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability...
GHSA-XR96-7CCP-PG5C DotNetNuke Vulnerable to XSS in Pass-Through Values
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN), caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...
DotNetNuke Vulnerable to XSS in Pass-Through Values
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN), caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2022-34802)
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. IBM Cognos Analytics has a cross-site scripting vulnerability that could be exploited by an attacker to steal a victim's cookie-based authentication credentials...
Cross site scripting
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the...
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...
RHEL 7 : rh-dotnet31-curl (RHSA-2022:1354)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1354 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Moderate: Red Hat Security Advisory: rh-dotnet31-curl security update
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack 2022.1.43563 previously contained a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...