Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.
70a0314e856faa7850385f954bd0bc6cedffe891f62a92cecd6f1fc993396b7a
This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.
1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allow an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.
4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151
PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893
Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
10e69ee091e2e078b2a41e7bbc107daf8c4ce083633ded9691b8ec2b700362a5
Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.
b98a768eae366cfdc727a202d36f9144a38ee93a1d91c74cb2410b0dd3974ebc
Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.
256376262a49c057629921be5beec6fce54d72865c495c12b211bc4fb22ecfaa
Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.
9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691a
T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.
a38f9872c25051fb5d40689975a5a643292512cac28208caeaa677228ed3e251
Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.
afd7b7d6dc71690c8e9b74e168637e22184d16b38d583b0e4f0fc7f27fe83aad
WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.
cb5312a73f5b91f714b3b64a7d4a985e9b27b678feeae51e27a65c49cef79597
Red Hat Security Advisory 2022-1823-01 - mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Issues addressed include cross site scripting and open redirection vulnerabilities.
f239b6509c167d4f0fb694e9c49ad2a7197e2d9f0765f51fcc0f6869179992dc
Cyclos version 4.14.7 suffers from multiple cross site scripting vulnerabilities.
e710f333bbcaeaac9f58dbc1a7e5505dde0018fe2fe7af025485b2f1b8973bd5
Red Hat Security Advisory 2022-1777-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.
1b42edcf15bc395449a2f06f7c24ba1c5002c9b86ced5974af0fc8fe1f4ffeb1
e107 CMS version 3.2.1 suffers from cross site scripting and arbitrary file upload vulnerabilities that can allow for a shell upload.
3ae8caceae21f93d20493507ca607ad9781c300dc643e858c7c2ac8aa48b23b5
PHProjekt PhpSimplyGest and MyProjects version 1.3.0 suffer from a cross site scripting vulnerability.
683da3b4055369ad271be51cb81dbf94818591a437064ded4119628be26cc697
WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.
74269ba0f910606e9499b4b87b6ba8ea243f907c7743fde42c4af10707d6f9da
Ubuntu Security Notice 5394-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4d28ba4ec65abbd647ce541d3f35e56b233b7e97e1369456b0e2db59766b5636
WordPress Curtain plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
dd409ca511bc0a28d91f8a872afb7a264e5d4cb727f4f0e12c12e46b3f19e402
WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
74b9ec56ae316f5978465b98643c80e1a1217fc29f5dac8d5a1a8f0f73c876b9
GitLab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.
8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6
WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.
1198ae90a0a19ceea8037a4ba1f3a90e0f447c7505ff7bf4fad7fd12b756e2b3
WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
f800608c7b194924e95a7c7384d8c6cfc72b83e0e53783ec418dd1ccd53766ac
WordPress Popup Maker plugin version 1.16.5 suffers from a persistent cross site scripting vulnerability.
dee276834c2f22c859c03de891f52e084ba8a1b053932c41a024857eb60f17be