
862 matches found

Vulnrichment
added 2022/12/12 12:0 a.m. | 4 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

AI score: 7 | EPSS: 0.022
Exploits: 0 | References: 1
Cvelist
added 2022/12/12 12:0 a.m. | 15 views

CVE-2022-46903

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS...

AI score: 5.6 | EPSS: 0.00629
Exploits: 0 | References: 1
CNNVD
added 2022/11/25 12:0 a.m. | 3 views

Nextcloud Cross-Site Scripting Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud desktop versions prior to 3.6.1, which originates from an attacker being able to inject arbitrary...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00473
Exploits: 1 | References: 4
CNVD
added 2022/11/25 12:0 a.m. | 29 views

Moodle User Profile Field Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00289
Exploits: 0 | References: 1
CNNVD
added 2022/11/23 12:0 a.m. | 2 views

Moodle Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.11.0 and later, 3.11.1 and earlier, 4.0.0 and later, and 4.0.5 and...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00289
Exploits: 0 | References: 9
NVD
added 2022/11/15 3:15 p.m. | 6 views

CVE-2022-41814

Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage...

CVSS: 5.4 | EPSS: 0.00298
Exploits: 0 | References: 1
NVD
added 2022/11/15 3:15 p.m. | 6 views

CVE-2022-41611

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application...

CVSS: 4.8 | EPSS: 0.00358
Exploits: 0 | References: 1
OSV
added 2022/11/15 3:15 p.m. | 2 views

CVE-2022-3958

Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks...

CVSS: 5.4 | AI score: 5.9
Exploits: 0 | References: 1
NVD
added 2022/11/15 3:15 p.m. | 16 views

CVE-2022-3895

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS)...

CVSS: 6.1 | EPSS: 0.00303
Exploits: 0 | References: 1
NVD
added 2022/11/15 3:15 p.m. | 6 views

CVE-2022-3893

Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application...

CVSS: 4.8 | EPSS: 0.00271
Exploits: 0 | References: 1
Prion
added 2022/11/15 3:15 p.m. | 12 views

Cross site scripting

Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage...

CVSS: 4.9 | AI score: 5.2 | EPSS: 0.00298
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/11/15 2:24 p.m. | 13 views

CVE-2022-3895 Potential XSS in common user interface component library

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS)...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00303
Exploits: 0 | References: 1
OSV
added 2022/11/04 7:15 a.m. | 3 views

CVE-2022-44724

The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability...

CVSS: 5.4 | AI score: 5.9
Exploits: 0 | References: 2
CVE
added 2022/10/13 12:0 a.m. | 57 views

CVE-2022-38902

Summary (CVE-2022-38902): In Liferay Digital Experience Platform (DXP) 7.3.10 SP3, a Cross-site Scripting (XSS) vulnerability exists in the Blog module’s add-topic flow. The issue allows remote attackers to inject arbitrary JavaScript or HTML via the name field when creating a new topic. Affecte...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.0023
Exploits: 1 | References: 3 | Affected Software: 2
NVD
added 2022/10/10 8:15 p.m. | 24 views

CVE-2022-40248

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...

CVSS: 5.4 | EPSS: 0.00395
Exploits: 0 | References: 1
Cvelist
added 2022/10/10 12:0 a.m. | 8 views

CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...

AI score: 5.8 | EPSS: 0.00395
Exploits: 0 | References: 1
0day.today
added 2022/09/13 12:0 a.m. | 255 views

ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

AI score: 0.3
Exploits: 0
Packet Storm
added 2022/09/12 12:0 a.m. | 295 views

ETAP Safety Manager 1.0.0.32 Cross Site Scripting

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...

AI score: 0.3
Exploits: 0
WPVulnDB
added 2022/08/23 12:0 a.m. | 37 views

All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS

The plugin uses the wrong content type for, and does not properly escape the response from the ai1wmexport action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Po...

AI score: 1.3 | EPSS: 0.16213
Exploits: 3 | Affected Software: 1
PyPA
added 2022/08/18 7:15 p.m. | 7 views

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if the...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00784
Exploits: 1 | References: 2 | Affected Software: 1