
3242 matches found

Veracode
added 2022/11/29 3:1 a.m. · 14 views

Cross-site Scripting (XSS)

backdrop/backdrop is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the comment section in the library, allowing an attacker to inject and execute malicious javascript...

4.8 CVSS · 5.3 AI score · 0.00774 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2022/11/25 4:15 p.m. · 12 views

CVE-2022-45040

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

5.4 CVSS · 0.00438 EPSS
Exploits: 1 · References: 1

CNNVD
added 2022/11/25 12:0 a.m. · 4 views

WBCE CMS Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which originates from a cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php. The vulnerability can be exploited by an attacker to execute...

5.4 CVSS · 5.9 AI score · 0.00438 EPSS
Exploits: 1 · References: 2

Cvelist
added 2022/11/25 12:0 a.m. · 25 views

CVE-2022-45040

A cross-site scripting XSS vulnerability in /admin/pages/sectionssave.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field...

5.4 AI score · 0.00438 EPSS
Exploits: 1 · References: 1

Huntr
added 2022/11/24 6:38 a.m. · 19 views

Missing CSRF protection

Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...

4.9 CVSS · 0.3 AI score · 0.00479 EPSS
Exploits: 1

CNVD
added 2022/11/23 12:0 a.m. · 28 views

WBCE CMS Section Header Field Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...

4.8 CVSS · 4.8 AI score · 0.00493 EPSS
Exploits: 0 · References: 1

NVD
added 2022/11/21 3:15 p.m. · 18 views

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

4.8 CVSS · 0.00493 EPSS
Exploits: 0 · References: 3

Prion
added 2022/11/21 3:15 p.m. · 13 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

4.3 CVSS · 4.9 AI score · 0.00493 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/11/21 12:0 a.m. · 3 views

PT-2022-27368 · Wbce Cms · Wbce Cms

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.4 Description: A cross-site scripting XSS issue in the Show Advanced Option module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field. Recommendations: F...

4.8 CVSS · 5.7 AI score · 0.00493 EPSS
Exploits: 0 · References: 7

Vulnrichment
added 2022/11/21 12:0 a.m. · 7 views

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

4.9 AI score · 0.00493 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/11/21 12:0 a.m. · 3 views

WBCE CMS Cross-Site Scripting Vulnerability

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...

4.8 CVSS · 5.9 AI score · 0.00493 EPSS
Exploits: 0 · References: 4

Cvelist
added 2022/11/21 12:0 a.m. · 23 views

CVE-2022-45013

A cross-site scripting XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field...

5.2 AI score · 0.00493 EPSS
Exploits: 0 · References: 3

Huntr
added 2022/11/19 5:29 a.m. · 10 views

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

5.2 AI score
Exploits: 0

RedHat Linux
added 2022/11/15 3:17 p.m. · 2 views

libtiff: heap buffer overflow in extractImageSection

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

7.1 CVSS · 7.6 AI score · 0.01542 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2022/11/15 2:24 p.m. · 5 views

CVE-2022-42000 Potential XSS in comment section

Cross-site Scripting XSS vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage...

3.3 CVSS · 5.3 AI score · 0.00255 EPSS
Exploits: 0 · References: 1

Rockylinux
added 2022/11/15 6:23 a.m. · 34 views

harfbuzz security update

An update is available for harfbuzz. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes:...

5.5 CVSS · 6.1 AI score · 0.01134 EPSS
Exploits: 1

Rockylinux
added 2022/11/15 6:17 a.m. · 23 views

poppler security and bug fix update

An update is available for poppler. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Poppler is a Portable Document Format PDF rendering library, used by...

6.5 CVSS · 6.6 AI score · 0.0145 EPSS
Exploits: 1

Rockylinux
added 2022/11/15 6:16 a.m. · 18 views

WALinuxAgent bug fix and enhancement update

An update is available for WALinuxAgent. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

1.8 AI score
Exploits: 0

Rockylinux
added 2022/11/15 6:15 a.m. · 17 views

pki-servlet-engine bug fix and enhancement update

An update is available for pki-servlet-engine. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2 AI score
Exploits: 0

Rockylinux
added 2022/11/15 6:11 a.m. · 17 views

sscg bug fix and enhancement update

An update is available for sscg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.1...

1.9 AI score
Exploits: 0