7648 matches found
CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6429
BigProf Online Invoicing System 2.6 has a persistent XSS in the FirstRecord parameter of /invoicing/app/clients_view.php due to insufficient encoding of user-controlled input. Multiple connected sources (NVD/NVD mirror, CVE records, and third-party references) describe the vulnerability as a cros...
CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
CVE-2023-6428
CVE-2023-6428 affects BigProf Online Invoicing System 2.6. The vulnerability is persistent XSS via the FirstRecord parameter in the /invoicing/app/items_view.php endpoint caused by insufficient input encoding. If exploited, an attacker could store JavaScript payloads that execute when the page lo...
CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
CVE-2023-6427
BigProf Online Invoicing System 2.6 contains a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient input encoding. Multiple connected sources describe the vulnerability as allowing stored JavaScript payloads to execute when the affected page loads. ...
CVE-2023-6426
BigProf Online Invoicing System 2.6 is affected by a persistent XSS in the FirstRecord parameter of /invoicing/app/invoices_view.php due to insufficient encoding of user-controlled input. Attacker-controlled JavaScript could be stored and executed when the page loads. Public sources in the connec...
CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...
CVE-2023-6425
The CVE-2023-6425 issue affects BigProf Online Clinic Management System 2.2. It describes persistent XSS caused by insufficient encoding of user-controlled input in the FirstRecord parameter of the /clinic/medical_records_view.php endpoint. The vulnerability could allow an attacker to store JavaS...
CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/disease_symptoms_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
CVE-2023-6423
Summary: CVE-2023-6423 affects BigProf Online Clinic Management System 2.2, with a persistent XSS in the FirstRecord parameter of /clinic/events_view.php due to insufficient input encoding. This could allow an attacker to store JavaScript payloads that execute when the page loads. Affirmed detail...
CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...
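The BigProf entries above all describe one bug class: a paging value (FirstRecord) that is accepted from the request, kept for later page loads, and written back into the generated HTML without output encoding. The PHP below is an added illustration written for this listing; it is not BigProf's code (the affected source is not reproduced on this page). The PagerState class, the render_pager_* function names, the hidden-input markup and the assumption that FirstRecord is a record offset are all choices made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not BigProf source. Models the advisories' bug class:
// a paging parameter (FirstRecord) that is stored per user/page and
// later echoed into HTML unencoded, beside a hardened version.

/** Minimal stand-in for the per-user store that makes the XSS persistent (assumed). */
final class PagerState
{
    /** @var array<string,string> */
    private array $store = [];

    public function save(string $page, string $firstRecord): void
    {
        $this->store[$page] = $firstRecord;
    }

    public function load(string $page): string
    {
        return $this->store[$page] ?? '1';
    }
}

/** Vulnerable pattern (assumed): raw value stored, then written into an attribute as-is. */
function render_pager_vulnerable(PagerState $state, string $page, array $request): string
{
    if (isset($request['FirstRecord'])) {
        $state->save($page, (string) $request['FirstRecord']);
    }
    $first = $state->load($page);
    return '<input type="hidden" name="FirstRecord" value="' . $first . '">';
}

/** Hardened pattern: validate as a positive integer on input, encode on output. */
function render_pager_hardened(PagerState $state, string $page, array $request): string
{
    if (isset($request['FirstRecord'])) {
        $n = filter_var(
            (string) $request['FirstRecord'],
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]
        );
        if ($n !== false) {
            $state->save($page, (string) $n);
        }
        // Anything that is not a positive integer is dropped, never stored.
    }
    // Encoding on output is kept even though the stored value is numeric,
    // so the template stays safe if the store is ever fed from elsewhere.
    $safe = htmlspecialchars($state->load($page), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="FirstRecord" value="' . $safe . '">';
}

// Constructed sample request: closes the value attribute and injects a script tag.
$payload = ['FirstRecord' => '1"><script>alert(document.cookie)</script>'];

$vuln = new PagerState();
render_pager_vulnerable($vuln, 'items_view.php', $payload);        // first request stores the payload
echo render_pager_vulnerable($vuln, 'items_view.php', []), PHP_EOL; // later request with no parameter replays it

$hard = new PagerState();
render_pager_hardened($hard, 'items_view.php', $payload);          // payload rejected, nothing stored
echo render_pager_hardened($hard, 'items_view.php', []), PHP_EOL;   // default offset "1" only
```

The second call in each pair is the persistence step the advisories refer to: no attacker-controlled parameter is present in that request, yet the vulnerable version emits the script tag from the stored value. Validation at input and htmlspecialchars with ENT_QUOTES at output are independent layers; either alone blocks this payload, both together leave no path for a stored value to reach the attribute unencoded.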
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update
OpenShift API for Data Protection (OADP) 1.3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Mustang Panda Hackers Target Philippines Government Amid South China Sea Tensions
The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid rising tensions between the two countries over the disputed South China Sea. Palo Alto Networks Unit 42 attributed three campaigns in August 2023 to the adversarial collective,...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.2 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.8.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2023-45626
An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
AZL-34894 CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...