7660 matches found
GHSA-RFF7-964G-PPPX The Reporting Addon for CUBA Platform has Persistent XSS
The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...
Yab Quarx persistent cross-site scripting vulnerability
Yab Quarx before 2.4.5 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...
GHSA-P4XG-CPR9-VWVJ Red Hat Wildfly DoS
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers...
Red Hat Wildfly DoS
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers...
Openstack Manila Persistent XSS in Metadata field
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
GHSA-6RH5-23HX-J452 Improper Authorization in Jenkins Core
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...
CVE-2021-31330
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
CVE-2021-31330
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
Cross site scripting
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
CVE-2021-31330
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVE-2022-1433
Removed by vendor...
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVE-2022-29880
A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...
device-mapper-persistent-data bug fix and enhancement update
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...
Cross site scripting
Multiple Authenticated admin+ Persistent Cross-Site Scripting XSS vulnerabilities in Adam Skaat's Countdown & Clock plugin = 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom,...
CVE-2022-29422 WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated admin+ Persistent Cross-Site Scripting XSS vulnerabilities in Adam Skaat's Countdown & Clock plugin = 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom,...
CVE-2022-29422
CVE-2022-29422 concerns WordPress plugin Countdown & Clock (
XSS in JSON: Old-School Attacks for Modern Applications
I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...