CVE-2023-2122

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary...

GHSA-9PHH-R37V-34WH lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files

Impact The browser renders the resulting HTML when opening a direct link to an HTML file via lakeFS. Any JavaScript within that page is executed within the context of the domain lakeFS is running in. An attacker can inject a malicious script inline, download resources from another domain, or make...

CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names

Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...

CVE-2023-39000

A reflected cross-site scripting XSS vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path...

Cross-site Scripting (XSS)

rabbitmq-server is vulnerable to Cross-site Scripting XSS attacks. The vulnerability exists due to improper sanitization which allows a remote authenticated malicious user with administrative access to inject and execute arbitrary javascript...

CVE-2023-31928 - XSS vulnerability in Brocade Webtools

A reflected cross-site scripting XSS vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools...

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists in registerResourcePublicRoutes function at resource.go because the resources upload feature does not restrict the type of uploaded file, allowing an attacker to inject and execute arbitrary...

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to stored Cross-site Scripting XSS. The vulnerability exists registerResourcePublicRoutes function at resource.go because the default-src in CSP is not properly configured which allows an attacker to bypass the CSP, inject and execute arbitrary javascript...

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in the link.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...

Cross-site Scripting (XSS)

nilsteampassnet/teampass is vulnerable to Cross-site Scripting XSS. The vulnerability exists at Search page due to lack of user-input sanitization in the pages/item component which allows an attacker to inject and execute arbitrary javascript or html codes...

CVE-2023-25841

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVE-2023-25837

There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

CVE-2023-25837

There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

Cross site scripting

There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute...

Cross site scripting

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges...

CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.

There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...

CVE-2023-25836 BUG-000135364 XSS in 10.8.1 sites builder iframe source

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required...