Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the value.name field in the dashboard widget. An attacker can execute arbitrary JavaScript in the context of an admin user's browser by injecting malicious scripts into...

PT-2022-27057 · Unknown +1 · Ticklishhoneybee Nodau +1

Name of the Vulnerable Software and Affected Versions: TicklishHoneyBee nodau affected versions not specified Description: A critical issue was found in TicklishHoneyBee nodau, affecting some unknown functionality of the file src/db.c. The manipulation of the value/name argument leads to sql...