Latest security vulnerabilities (CSRF,SQL Injection,Cross Site Scripting (XSS),Directory Traversal,Http Response Splitting)

CVE-2023-2925 CVSS:0.0

A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (Last Update:2023-05-27) (Publish Update:2023-05-27)

CVE-2023-2922 CVSS:0.0

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. (Last Update:2023-05-27) (Publish Update:2023-05-27)

CVE-2023-33195 CVSS:0.0

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. (Last Update:2023-05-27) (Publish Update:2023-05-27)

CVE-2023-32325 CVSS:0.0

PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. (Last Update:2023-05-27) (Publish Update:2023-05-27)

CVE-2023-2947 CVSS:0.0

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. (Last Update:2023-05-27) (Publish Update:2023-05-27)

CVE-2023-33196 CVSS:0.0

Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. (Last Update:2023-05-26) (Publish Update:2023-05-26)

CVE-2023-33194 CVSS:0.0

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. (Last Update:2023-05-26) (Publish Update:2023-05-26)

CVE-2023-33197 CVSS:0.0

Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. (Last Update:2023-05-26) (Publish Update:2023-05-26)

CVE-2023-20868 CVSS:0.0

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. (Last Update:2023-05-26) (Publish Update:2023-05-26)

CVE-2023-33780 CVSS:0.0

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. (Last Update:2023-05-26) (Publish Update:2023-05-26)

Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com