862 matches found

Prion
added 2024/02/20 6:15 p.m. · 22 views

Cross site scripting

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

5.5 CVSS · 6.3 AI score · 0.01538 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/02/20 6:0 p.m. · 13 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

8.5 CVSS · 6.1 AI score · 0.01538 EPSS
Exploits 0 · References 2
Veracode
added 2024/01/17 7:21 a.m. · 6 views

Cross-site Scripting (XSS)

readthedocs-sphinx-search is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user content in the search results rendering function. This potentially allows an attacker to include arbitrary HTML content in these results, which can lead to XSS...

6.6 AI score
Exploits 0
Positive Technologies
added 2024/01/16 12:0 a.m. · 2 views

PT-2024-40529 · Unknown · Readthedocs-Sphinx-Search

Name of the Vulnerable Software and Affected Versions: readthedocs-sphinx-search versions prior to 0.3.2
Description: This issue could have allowed an attacker to include arbitrary HTML content in search results by having a user search a malicious project. The problem was due to the search client...

6.3 CVSS · 7.1 AI score
Exploits 0 · References 4
Prion
added 2023/12/04 11:15 p.m. · 9 views

Design/Logic Flaw

Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...

5.8 CVSS · 6.8 AI score · 0.07321 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/11/15 11:15 p.m. · 17 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

7.8 CVSS · 7.4 AI score · 0.01058 EPSS
Exploits 1 · References 4
Cvelist
added 2023/11/15 12:0 a.m. · 10 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

8.1 AI score · 0.01058 EPSS
Exploits 1 · References 4
NVD
added 2023/10/05 2:15 p.m. · 9 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

6.1 CVSS · 6 AI score · 0.00161 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/10/04 12:0 a.m. · 3 views

PT-2023-29225 · Unknown · Sanitize-Html

Name of the Vulnerable Software and Affected Versions: HtmlSanitizer versions prior to 8.0.723; HtmlSanitizer version 8.1.722-beta and earlier
Description: The issue occurs in configurations where foreign content is allowed, specifically when svg or math are in the list of allowed elements. This...

6.1 CVSS · 6.1 AI score · 0.00161 EPSS
Exploits 0 · References 10
Prion
added 2023/09/20 1:15 p.m. · 15 views

Design/Logic Flaw

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

5.8 CVSS · 6.2 AI score · 0.00063 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/09/20 12:14 p.m. · 41 views

CVE-2022-45448

The CVE-2022-45448 vulnerability affects the M4 PDF plugin for Prestashop sites, versions 3.2.3 and earlier. The flaw arises in /m4pdf/pdf.php, which uses templates to generate documents; if a requested template does not exist, a fixed MPDF-formatted document is returned. An attacker can exploit ...

6.1 CVSS · 4.7 AI score · 0.00063 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/08/14 9:15 p.m. · 16 views

Cross site scripting

Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...

4.9 CVSS · 5.8 AI score · 0.00673 EPSS
Exploits 1 · References 1 · Affected Software 1
Packet Storm
added 2023/08/09 12:0 a.m. · 259 views

Wchat 1.6 HTML Injection

Title: Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / brows...

7.1 AI score
Exploits 0
OSV
added 2023/07/05 6:15 p.m. · 0 views

UBUNTU-CVE-2020-23452

A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

6.1 CVSS · 6 AI score · 0.0009 EPSS
Exploits 1 · References 3
NVD
added 2023/06/07 2:15 a.m. · 7 views

CVE-2019-25148

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrato...

6.1 CVSS · 6.3 AI score · 0.00495 EPSS
Exploits 1 · References 3
NVD
added 2023/06/07 2:15 a.m. · 11 views

CVE-2019-25144

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator...

6.1 CVSS · 5.8 AI score · 0.00352 EPSS
Exploits 1 · References 2
Prion
added 2023/06/07 2:15 a.m. · 21 views

Input validation

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator...

5.8 CVSS · 6.4 AI score · 0.00352 EPSS
Exploits 1 · References 2 · Affected Software 1
Tenable Nessus
added 2023/05/31 12:0 a.m. · 19 views

FreeBSD : Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard (79514fcd-feb4-11ed-92b5-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 79514fcd-feb4-11ed-92b5-b42e991fc52e advisory. - Kanboard is project management software that focuses on the Kanban methodology. Due to improper...

5.4 CVSS · 5.6 AI score · 0.00706 EPSS
Exploits 0 · References 3
Veracode
added 2023/05/11 3:14 a.m. · 19 views

Cross-Site Scripting (XSS)

org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript on the victim's browser...

9.6 CVSS · 5.8 AI score · 0.21618 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2023/05/10 2:15 a.m. · 8 views

CVE-2023-25833

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked, could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered)...

5.4 CVSS · 5.4 AI score · 0.00306 EPSS
Exploits 0 · References 2