Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in getAllLinkTagsById of Tags.php due to missing conversion of the tag field to HTML entities, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in record.questions.php due to a lack of sanitization of user input in the mail parameter, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the reply form due to the lack of sanitization in msgID, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in setName of Rule.php due to improper sanitization of the input name parameter, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in multiple functions of Unit.php due to improper input sanitization, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of event sanitization in the $events parameter of Validate.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross-Site Scripting (XSS)
total4 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in the replace parameter of internal.js, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in getLinkContent of link.js due to improper sanitization of user inputs, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in record.edit.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross site scripting
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
CVE-2023-2582
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...
Cross site scripting
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing for arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
Cross-Site Scripting (XSS)
azuracast/azuracast is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the getDisplayName parameter of main.phtml, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...
Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability that allows an attacker to trick a logged-in admin into executing arbitrary JavaScript by clicking a link. PoC Make a logged in...
PT-2023-33068 · Tinymce · Tinymce
Name of the Vulnerable Software and Affected Versions: TinyMCE versions 4.9.10 and earlier; TinyMCE versions 5.4.0 and earlier. Description: A cross-site scripting (XSS) issue was found in the core parser of TinyMCE, allowing arbitrary JavaScript execution when inserting specially crafted content int...
Arbitrary javascript injection in Apache Jena
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...
CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...
Stored Cross-Site Scripting (XSS)
andrewhaine/silverstripe-form-capture is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in form submissions, which allows an attacker to inject and execute arbitrary JavaScript into the browser...