A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.
CWE-79
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross-site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
CVE-2023-0606
Cross-site Scripting (XSS) – Reflected in GitHub repository ampache/ampache prior to 5.5.7.
CVE-2023-0607
Cross-site Scripting (XSS) – Stored in GitHub repository projectsend/projectsend prior to r1606.
CVE-2023-0608
Cross-site Scripting (XSS) – DOM in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2023-0624
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.