Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
70a0314e856faa7850385f954bd0bc6cedffe891f62a92cecd6f1fc993396b7aThis whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ceIn this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
10e69ee091e2e078b2a41e7bbc107daf8c4ce083633ded9691b8ec2b700362a5Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.
b98a768eae366cfdc727a202d36f9144a38ee93a1d91c74cb2410b0dd3974ebcEmby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.
256376262a49c057629921be5beec6fce54d72865c495c12b211bc4fb22ecfaaShowdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.
9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691aT-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.
a38f9872c25051fb5d40689975a5a643292512cac28208caeaa677228ed3e251Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.
afd7b7d6dc71690c8e9b74e168637e22184d16b38d583b0e4f0fc7f27fe83aadWordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.
cb5312a73f5b91f714b3b64a7d4a985e9b27b678feeae51e27a65c49cef79597Red Hat Security Advisory 2022-1823-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Issues addressed include cross site scripting and open redirection vulnerabilities.
f239b6509c167d4f0fb694e9c49ad2a7197e2d9f0765f51fcc0f6869179992dcCyclos version 4.14.7 suffers from multiple cross site scripting vulnerabilities.
e710f333bbcaeaac9f58dbc1a7e5505dde0018fe2fe7af025485b2f1b8973bd5Red Hat Security Advisory 2022-1777-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.
1b42edcf15bc395449a2f06f7c24ba1c5002c9b86ced5974af0fc8fe1f4ffeb1e107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5PHProjekt PhpSimplyGest and MyProjects version 1.3.0 suffer from a cross site scripting vulnerability.
683da3b4055369ad271be51cb81dbf94818591a437064ded4119628be26cc697WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.
74269ba0f910606e9499b4b87b6ba8ea243f907c7743fde42c4af10707d6f9daUbuntu Security Notice 5394-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4d28ba4ec65abbd647ce541d3f35e56b233b7e97e1369456b0e2db59766b5636WordPress Curtain plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
dd409ca511bc0a28d91f8a872afb7a264e5d4cb727f4f0e12c12e46b3f19e402WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
74b9ec56ae316f5978465b98643c80e1a1217fc29f5dac8d5a1a8f0f73c876b9Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.
8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.
1198ae90a0a19ceea8037a4ba1f3a90e0f447c7505ff7bf4fad7fd12b756e2b3WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
f800608c7b194924e95a7c7384d8c6cfc72b83e0e53783ec418dd1ccd53766acWordPress Popup Maker plugin version 1.16.5 suffers from a persistent cross site scripting vulnerability.
dee276834c2f22c859c03de891f52e084ba8a1b053932c41a024857eb60f17be
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed