CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

Cross site scripting

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

Cross-Site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the user-specified tooltip values...

Open-Xchange: XSS - Notes - Attribute injection through overlapping tags

The Notes app uses simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...

Cross site scripting

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

Cross-Site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via cross-origin iframes...

Cross-Site Scripting (XSS)

snekserve is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the filenames that are rendered from the directory listings...

Cross-site Scripting (XSS)

gon is vulnerable to cross-site scripting XSS attacks. Lack of sanitization of malicious characters within the JSON data in jsondumper.rb allows a malicious user to inject and execute arbitrary javascript in a user's browser...

CVE-2020-5781

In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...

CVE-2020-4615

IBM Data Risk Manager iDNA 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928...

Agoric: Stored XSS in agoric-sdk - malicious iframes, malicious svg

Summary: add summary of the vulnerability Steps To Reproduce: shell git clone https://github.com/Agoric/agoric-sdk.git cd agoric-sdk yarn config set "strict-ssl" false -g yarn config set "registry" "http://registry.npmjs.org/" -g yarn config set "cafile" "/etc/ssl/cert.pem" -g pipenv shell yarn...

Cross-Site Scripting in node-red

Versions of node-red prior to 0.18.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize the name field in new items, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 0.18.6 or later...

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...

Cross-Site Scripting in diagram-js-direct-editing

Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later...

GHSA-8FW4-XH83-3J6Q Cross-Site Scripting in diagram-js

Versions of diagram-js prior to 3.3.1 for 3.x and 2.6.2 for 2.x are vulnerable to Cross-Site Scripting. The package fails to escape output of user-controlled input in search-pad, allowing attackers to execute arbitrary JavaScript. Recommendation If you are using diagram-js 3.x, upgrade to version...

Cross-Site Scripting (XSS)

webkit2gtk3 is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript on the user's browser by providing malicious web content...

CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...