208 matches found
CVE-2023-2745 WordPress Core < 6.2.1 - Directory Traversal
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...
Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flaw was found in redcarpet: HTML escaping was not properly done in some cases even when requested, which may cause an XSS vulnerability. This issue...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2022-47701
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS)...
CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-43527
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary...
CVE-2022-46670 Rockwell Automation MicroLogix 1100 & 1400 Vulnerable to Cross-Site Scripting Attack
Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an...
PT-2022-24681 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified). Description: The issue is related to insufficient filtering for special characters in the Force PrintMessage function. This allows an unauthenticated remote attacker to inject JavaScript, potentially...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
PT-2022-24680 · U-Office · U-Office
Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified). Description: The issue is related to insufficient filtering for special characters in the Force Bulletin function, allowing an unauthenticated remote attacker to inject JavaScript and perform a Reflect...
CVE-2022-1755 SVG Support < 2.5 - Author+ Stored Cross-Site Scripting
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
CVE-2022-40029
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...
Hyperledger: fix(cmd-socketio-server): mitigate cross site scripting attack #2068
Please refer this fix and approve Bounty. See this In Github Security Fix @ryjones https://github.com/hyperledger/cactus/pull/2068#issuecomment-1186157206 Impact fix(cmd-socketio-server): mitigate cross site scripting attack...
CVE-2022-20740
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management...
Mageia: Security Advisory (MGASA-2013-0217)
The remote host is missing an update for the...
S-CMS cross-site scripting vulnerability in Zibo Shining Network Technology Co.
S-CMS is a PHP and MySQL-based content management system (CMS) from S-CMS China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to execute a cross-site scripting attack (XSS) via /function/booksave.php...
KLA12287 XSS vulnerability in Microsoft Dynamics
A cross-site-scripting (XSS) vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to perform a cross-site scripting attack. Original advisories: CVE-2021-40440. Related products: Microsoft-Dynamics-365. CVE list: CVE-2021-40440 unknown. KB list: 5006076 5006075...
CVE-2021-1825
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross sit...
FortiManager and FortiAnalyzer - Multiple reflected XSS
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters...