
5751 matches found

Cvelist
added 2023/08/18 9:47 p.m., 19 views

CVE-2023-40173 Unsalted passwords in fobybus/social-media-skeleton

Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...

7.5 CVSS, 7.8 AI score, 0.00535 EPSS
Exploits 0, References 3
OSV
added 2023/08/18 9:47 p.m., 16 views

CVE-2023-40173 Unsalted passwords in fobybus/social-media-skeleton

Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...

7.5 CVSS, 7.5 AI score, 0.00535 EPSS
Exploits 0, References 5
Cvelist
added 2023/08/18 9:41 p.m., 30 views

CVE-2023-40174 Insufficient Session Expiration in fobybus/social-media-skeleton

Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Soci...

6.8 CVSS, 9.7 AI score, 0.00434 EPSS
Exploits 0, References 2
wpexploit
added 2023/08/17 12:0 a.m., 211 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description: The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...

4.8 CVSS, 4.9 AI score, 0.00377 EPSS
Exploits 2
Positive Technologies
added 2023/08/16 12:0 a.m., 3 views

PT-2023-7240 · Adobe · @Adobe/Css-Tools

Name of the Vulnerable Software and Affected Versions: @adobe/css-tools versions 4.3.0 and earlier Description: The issue is related to an Improper Input Validation vulnerability in the CSS parser for Node.js css-tools. This vulnerability could result in a denial of service while attempting to...

5.3 CVSS, 8.5 AI score, 0.00985 EPSS
Exploits 0, References 15
Openbugbounty
added 2023/08/12 2:8 p.m., 4 views

cnpf.eu Cross Site Scripting vulnerability OBB-3576183

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0
Github Security Blog
added 2023/08/09 12:51 p.m., 49 views

Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory

Impact: Angular Universal applications on 16.1.0 and 16.1.1 using critical CSS inlining are vulnerable to a cross-site scripting (XSS) attack where an attacker can trick another user into visiting a page which injects malicious JavaScript. Angular CLI applications without Universal do perform critic...

6.7 AI score
Exploits 0, References 2, Affected Software 1
NVD
added 2023/08/08 7:15 p.m., 6 views

CVE-2023-39518

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS, 5.3 AI score, 0.00407 EPSS
Exploits 0, References 3
Prion
added 2023/08/08 7:15 p.m., 21 views

Cross site scripting

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

4.9 CVSS, 5.2 AI score, 0.00407 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/08/08 6:31 p.m., 14 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS, 5.5 AI score, 0.00407 EPSS
Exploits 0, References 3
Vulnrichment
added 2023/08/08 6:31 p.m., 11 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS, 6 AI score, 0.00407 EPSS
Exploits 0, References 3
CVE
added 2023/08/08 6:31 p.m., 124 views

CVE-2023-39518

The CVE-2023-39518 entry concerns the project social-media-skeleton, an uncompleted PHP/MySQL web app. Affected versions are 1.0.0 through 1.0.3 and the vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by unsanitized input being stored and later rendered in the application. The is...

5.4 CVSS, 5.3 AI score, 0.00407 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2023/08/08 6:31 p.m., 13 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS, 5.2 AI score, 0.00407 EPSS
Exploits 0, References 5
Openbugbounty
added 2023/08/08 4:31 p.m., 11 views

123autoservice.lu Cross Site Scripting vulnerability OBB-3571762

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0
RedHat Linux
added 2023/08/08 11:33 a.m., 2 views

golang: html/template: improper sanitization of CSS values

A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...

7.3 CVSS, 6.6 AI score, 0.01037 EPSS
Exploits 0, References 6
Positive Technologies
added 2023/08/08 12:0 a.m., 3 views

PT-2023-26990 · Unknown · Social Media Skeleton

Name of the Vulnerable Software and Affected Versions: social-media-skeleton versions 1.0.0 through 1.0.3 Description: The issue is a stored cross-site scripting vulnerability in an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Recommendations: For...

5.4 CVSS, 5.1 AI score, 0.00407 EPSS
Exploits 0, References 6
Tenable Nessus
added 2023/08/08 12:0 a.m., 32 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2583)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'...

9.8 CVSS, 7.3 AI score, 0.01548 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/08/08 12:0 a.m., 32 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2613)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/'...

9.8 CVSS, 7.3 AI score, 0.01548 EPSS
Exploits 0, References 4
OpenVAS
added 2023/08/08 12:0 a.m., 31 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2613)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.9 AI score, 0.01548 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2023/08/07 11:13 a.m., 5 views

Malicious code in misk-tailwind-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 567443deccb6eabc476eeb33858fd2ea51f98ab82ab3a814e02bacda56979a09 The OpenSSF Package Analysis project identified 'misk-tailwind-css' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits 0