3250 matches found
Cross-Site Scripting (XSS)
jenkins-2-plugins is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in extraAttributes of POSTHyperlinkNote.java because URLs of these hyperlinks in build logs are not properly encoded, which allows an attacker to inject malicious scripts and create pipelines...
Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...
CVE-2022-22229
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to...
CVE-2022-22242 Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all...
CVE-2022-22229 Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to...
Cross-site Scripting (XSS)
Overview: johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient escaping and sanitization of the values stored during a comment update. An attacker can execute malicious...
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...
GHSA-W9MF-83W3-FV49 Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release 18.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
PT-2022-25361 · Kfm · Kfm
Name of the Vulnerable Software and Affected Versions: kfm versions through 1.4.7. Description: A cross-site scripting (XSS) issue exists, allowing for the execution of malicious scripts via a crafted GET request to the "/kfm/index.php" API endpoint. Recommendations: For versions through 1.4.7, upda...
Cross site request forgery (csrf)
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...
Reflected XSS via POST
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
CVE-2022-27546 HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
GHSA-RG7P-WMGJ-F374 Magento stored Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2022-34258
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Cross site scripting
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...
Path traversal
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A lo...
CVE-2022-34258 Adobe Commerce Stored XSS Arbitrary code execution
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...