4 matches found
CVE-2022-50586
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting XSS in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2022-50586
CVE-2022-50586 affects Nagios XI pre-5.8.9 with stored XSS in the BPI component’s info URL field. Root cause: insufficient validation/escaping of user-supplied input, enabling injection of arbitrary script into a victim’s browser. Impact is described as cross-site scripting in Nagios XI web UI; n...
EUVD-2021-32239
Malicious code in bioql PyPI...
PRODSECBUG-2128: Stored Cross Site Scripting in the Admin Panel through the tax/notification/info_url setting
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...