
5 matches found

Github Security Blog
added 2024/11/15 12:31 p.m. | 14 views

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file editbooks.js. The vulnerability occurs when editing book properties, such as uploading a cover or a format. The affected code directly inserts user input into the DOM without proper sanitization,...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00238
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2023/12/13 11:15 a.m. | 12 views

Open redirect

An open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability i...

CVSS: 5.8 | AI score: 6.8 | EPSS: 0.43282
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2022/08/04 12:5 p.m. | 5 views

SUSE-SU-2022:2671-1 Security update for go1.17

This update for go1.17 fixes the following issues: Update to go version 1.17.13 bsc1190649:

- CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic bsc1202035.
- CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode bsc1201444.
- CVE-2022-30631: compress/gzip...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00159
Exploits: 4 | References: 22
wpexploit
added 2017/10/11 12:0 a.m. | 239 views

Qards - Stored Cross-Site Scripting (XSS)

Google Dork: inurl:"plugins/qards" Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way. The vulnerable script...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.00367
Exploits: 2 | References: 2
Exploit DB
added 2006/02/02 12:0 a.m. | 20 views

SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16471/info SoftMaker Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser ...

AI score: 7.4
Exploits: 0