862 matches found

Github Security Blog
added 2024/06/22 6:30 a.m. · 22 views

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...

CVSS 6.1 · AI score 6 · EPSS 0.0025
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2024/06/06 6:42 a.m. · 7 views

Cross-Site Scripting

typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows authenticated users to inject arbitrary HTML or JavaScript...

AI score 6.7
Exploits 0
Veracode
added 2024/06/05 8:15 a.m. · 8 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of editor input in the search result view, allowing authenticated editors to inject arbitrary HTML...

AI score 6.4
Exploits 0
OSV
added 2024/06/03 5:00 p.m. · 9 views

GHSA-6FC6-CJ2J-H22X TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML...

AI score 7
Exploits 0 · References 3
Github Security Blog
added 2024/06/03 5:00 p.m. · 14 views

TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML...

AI score 7
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2024/05/27 5:24 a.m. · 6 views

Cross-Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of parameter sanitization, allowing the injection of arbitrary HTML through crafted URLs...

AI score 6.6
Exploits 0
OSV
added 2024/05/23 7:33 p.m. · 12 views

GHSA-M8V7-X398-PXRF Silverstripe XSS in CMS Edit Page

Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack...

CVSS 6.1 · AI score 6.8
Exploits 0 · References 5
CVE
added 2024/05/13 7:22 p.m. · 57 views

CVE-2024-34707

CVE-2024-34707 affects Nautobot where an admin user can modify BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN via the /admin/constance/config/ endpoint, enabling insertion of arbitrary HTML and potentially stored XSS across Nautobot pages. Multiple connected sources confirm this risk and describe th...

CVSS 7.5 · AI score 6.2 · EPSS 0.00266
Exploits 1 · References 5 · Affected Software 1
Github Security Blog
added 2024/04/18 4:42 p.m. · 24 views

Dolibarr Application Home Page has HTML injection vulnerability

Summary: Observed an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the...

CVSS 7.1 · AI score 7 · EPSS 0.00609
Exploits 1 · References 3 · Affected Software 1
NVD
added 2024/04/04 6:15 p.m. · 12 views

CVE-2024-25690

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser...

CVSS 4.7 · AI score 5.4 · EPSS 0.0024
Exploits 0 · References 1
OSV
added 2024/04/04 6:15 p.m. · 3 views

CVE-2024-25690

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser...

CVSS 4.7 · AI score 5.8 · EPSS 0.0024
Exploits 0 · References 1
CVE
added 2024/04/04 5:53 p.m. · 89 views

CVE-2024-25690

CVE-2024-25690 describes an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below. An unauthenticated remote attacker could craft a link that, when clicked by a victim, renders arbitrary HTML in the browser. The description notes a network attack with user interaction req...

CVSS 4.7 · AI score 5.4 · EPSS 0.0024
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/04/04 5:53 p.m. · 17 views

CVE-2024-25690 HTML injection in ArcGIS Web AppBuilder

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser...

CVSS 4.7 · AI score 7.1 · EPSS 0.0024
Exploits 0 · References 1
Positive Technologies
added 2024/03/29 12:00 a.m. · 2 views

PT-2024-22447 · WordPress · Responsive

Name of the Vulnerable Software and Affected Versions: The Responsive theme for WordPress versions up to, and including, 5.0.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the save footer text callback function. This makes it possible for...

CVSS 7.5 · AI score 9.4 · EPSS 0.00544
Exploits 0 · References 8
NVD
added 2024/02/21 4:15 p.m. · 13 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

CVSS 5.4 · AI score 5.4 · EPSS 0.00075
Exploits 0 · References 1
Prion
added 2024/02/21 4:15 p.m. · 22 views

Cross site scripting

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

AI score 6.5 · EPSS 0.00075
Exploits 0 · References 1
Vulnrichment
added 2024/02/21 12:00 a.m. · 32 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

AI score 6.3 · EPSS 0.00075
Exploits 0 · References 1
Vulnrichment
added 2024/02/20 6:56 p.m. · 9 views

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVSS 5.4 · AI score 6.8 · EPSS 0.00185
Exploits 0 · References 2
NVD
added 2024/02/20 6:15 p.m. · 13 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser, which has high impact to...

CVSS 8.5 · AI score 8.2 · EPSS 0.01538
Exploits 0 · References 2
OSV
added 2024/02/20 6:15 p.m. · 2 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser, which has high impact to...

CVSS 8.5 · AI score 7.6
Exploits 0 · References 2