Lucene search
862 matches found

NVD
added 2020/10/01 2:15 a.m., 12 views

CVE-2019-20903

The hyperlinks functionality in atlaskit/editor-core before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets...

CVSS 5.4, EPSS 0.0041
Exploits: 0, References: 3

OSV
added 2020/09/21 6:50 p.m., 1 view

USN-4522-1 novnc vulnerability

It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635)...

CVSS 6.1, AI score 6.4, EPSS 0.06495
Exploits: 1, References: 2

Tenable Nessus
added 2020/09/21 12:00 a.m., 34 views

Ubuntu 16.04 LTS : noVNC vulnerability (USN-4522-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4522-1 advisory. It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An...

CVSS 6.1, AI score 6, EPSS 0.06495
Exploits: 1, References: 2

Prion
added 2020/09/10 5:15 p.m., 17 views

Design/Logic Flaw

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...

CVSS 4.3, AI score 6.8, EPSS 0.03316
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2020/09/09 12:00 a.m., 2 views

Adobe Experience Manager (AEM) HTML Injection Vulnerability

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. An HTML injection vulnerability exists in Adobe Experience Manager (AEM). An attacker can exploit this vulnerability to inject arbitrary HTML into ...

CVSS 6.1, AI score 7.2, EPSS 0.03316
Exploits: 0, References: 1

NVD
added 2020/08/12 1:15 p.m., 7 views

CVE-2020-16266

An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on viewallbugpage.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue if CSP...

CVSS 5.4, AI score 5.7, EPSS 0.00274
Exploits: 1, References: 2

Zero Day Initiative
added 2020/08/12 12:00 a.m., 44 views

Adobe Acrobat Pro DC Web2PDF:AppLinks JavaScript Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a...

CVSS 3.3, AI score 1.6, EPSS 0.00361
Exploits: 0, References: 1

OpenVAS
added 2020/08/11 12:00 a.m., 14 views

LimeSurvey < 4.3.9 XSS Vulnerability

LimeSurvey is prone to a cross-site scripting (XSS) vulnerability.

CVSS 6.1, AI score 6.1, EPSS 0.0024
Exploits: 0, References: 2

Tenable Nessus
added 2020/07/22 12:00 a.m., 58 views

Atlassian Jira < 8.5.5 / 8.6.x < 8.8.2 / 8.9.x < 8.9.1 Multiple Cross-Site Scripting (XSS)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.5, or version 8.6.x prior to 8.8.2, or 8.9.x prior to 8.9.1. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities. - Remote attackers can inject...

CVSS 6.1, AI score 5.7, EPSS 0.00334
Exploits: 0, References: 6

OpenVAS
added 2020/07/13 12:00 a.m., 25 views

phpList < 3.5.5 Multiple Vulnerabilities

phpList is prone to multiple vulnerabilities.

CVSS 8.8, AI score 6, EPSS 0.00606
Exploits: 6, References: 1

Packet Storm
added 2020/07/11 12:00 a.m., 210 views

Impress CMS 1.4.0 Cross Site Scripting

Author: AppleBois
Homepage: https://sourceforge.net/projects/impresscms/
Affected Version: 1.4.0
Stored XSS
Allows an attacker to execute arbitrary HTML and JavaScript code
Solution: Update to 1.4.1
More information: https://github.com/ImpressCMS/impresscms/issues/659
Payload = alert'AppleBois';...

AI score 7.4
Exploits: 0

Prion
added 2020/07/01 2:15 a.m., 16 views

Cross site scripting

The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability...

CVSS 4.3, AI score 5.9, EPSS 0.00334
Exploits: 0, References: 1, Affected Software: 2

Prion
added 2020/06/01 7:15 a.m., 20 views

Cross site scripting

The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the committerFilter parameter...

CVSS 4.3, AI score 5.3, EPSS 0.00342
Exploits: 0, References: 2, Affected Software: 2

UbuntuCve
added 2020/05/14 2:15 a.m., 15 views

CVE-2020-5574

HTML attribute value injection vulnerability in Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and...

CVSS 5.3, AI score 6.5, EPSS 0.00338
Exploits: 0, References: 3

Cvelist
added 2020/05/14 1:00 a.m., 14 views

CVE-2020-5574

HTML attribute value injection vulnerability in Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and...

AI score 5.8, EPSS 0.00338
Exploits: 0, References: 2

CNVD
added 2020/03/03 12:00 a.m., 1 view

5iSNS content payment system suffers from XSS vulnerability (CNVD-2020-22734)

The 5iSNS content payment system is a home-grown, small, stable open source SNS system that maintains a high load capacity even with large amounts of data. The 5iSNS content payment system has an XSS vulnerability; attackers can use the vulnerability to inject arbitrary Web script or HTM...

AI score 6.2
Exploits: 0

Veracode
added 2020/02/19 2:15 a.m., 17 views

Cross-Site Scripting (XSS)

reveal.js is vulnerable to cross-site scripting (XSS) attacks. It is possible because it does not restrict the data such as code, description and callback from arbitrary origins and allows the SetupPostMessage to invoke methods without validating the data.method against any blacklisting, directly...

CVSS 6.1, AI score 1.7, EPSS 0.00534
Exploits: 1, References: 2, Affected Software: 1

Zero Science Lab
added 2019/12/29 12:00 a.m., 45 views

Thrive Smart Home v1.1 Reflected Cross-Site Scripting

Summary: As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...

AI score 6.1
Exploits: 0

OSV
added 2019/12/13 2:15 p.m., 12 views

CVE-2019-17599

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter and/or the quizid parameter. The component is:...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 4

Positive Technologies
added 2019/10/25 12:00 a.m., 2 views

PT-2019-4295 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.885
Description: The issue is related to a lack of input sanitization in the filemanager2.php component, allowing for the execution of arbitrary HTML code or JavaScript scripts. This can be exploited via the cmd...

CVSS 4.6, AI score 4.8, EPSS 0.00081
Exploits: 2, References: 6