Latest Security News about XSS

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.

Overview: In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. codeBeamer versions 9.5 and below suffer from multiple persistent cross-site scripting vulnerabilities. CVE-2019-19912 Overview In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers [...]

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

Overview: Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. CVE-2020-9467 stored XSS with pwg.images.setInfo #1168 n file param. No worry with an admin, but this method can be used by a community user as well. Originally reported by Zak S. see CVE-2020-9467 References Note: References are provided for the [...]

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server

Overview: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893. Reference Key Each reference used in CVE has the following structure: SOURCE: NAME SOURCE is an [...]

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server

Overview: A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. Mitigations Microsoft has not identified any mitigating factors for this vulnerability. Workarounds Microsoft has not identified any workarounds for this vulnerability. Acknowledgements Pham Van Khanh @rskvp93 from Viettel Cyber [...]