Latest Security News about xss

Contact us to Fix the issue

phpbb 3.0.x-3.0.6 has an XSS vulnerability

Overview : some issues found in phpbb 3.0.x-3.0.6 with an XSS vulnerability. Affected Product(s) : phpbb 3.0.x-3.0.6 Vulnerability Details : CVE ID : CVE-2019-12419 phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. Solution : Source Package Release Version Status phpbb3 (PTS) jessie 3.0.12-5+deb8u1 fixed jessie (security) 3.0.12-5+deb8u4 fixed Package Type Release Fixed […]

Contact us to Fix the issue

Etherpad-Lite 1.7.5 has an XSS Vulnerability

Overview : templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. Affected Product(s) : Etherpad-Lite 1.7.5 Vulnerability Details : CVE ID : CVE-2019-18209 The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient […]

Contact us to Fix the issue

XSS / SSRF hacks in SuiteCRM

Overview : SuiteCRM Lists Latest Updates of XSS / SSRF Vulnerabilities Affected Product(s) : SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 Vulnerability Details : CVE ID : CVE-2019-14454 SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. CVE ID : […]

Contact us to Fix the issue

XSS attacks in Joomla! 3.x before 3.9.12

Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. Affected Product(s) : Joomla! 3.x before 3.9.12 Vulnerability Details : CVE ID : CVE-2019-16725 Inadequate escaping allowed XSS attacks using the logo parameter of the default templates. Solution : Upgrade to version 3.9.12

Contact us to Fix the issue

XSS vulnerability on Apache JSPWiki

Overview : On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Affected Product(s) […]