Adobe Experience Manager (AEM) stored cross-site scripting vulnerability (CNVD-2020-52153)
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager (AEM). An attacker can exploit this vulnerability to execute arbitra...
Adobe Experience Manager (AEM) Cross-Site Scripting Vulnerability (CNVD-2020-51768)
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager (AEM). An attacker can exploit this vulnerability to execute arbitra...
GHSA-5FF8-JCF9-FW62 Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation: No fix is currently available. Consider using a...
Cross-Site Scripting in atlasboard-atlassian-package
All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...
Cross-Site Scripting in nextcloud-vue-collections
Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...
GHSA-VPJ4-89Q8-RH38 Cross-Site Scripting in bpmn-js-properties-panel
Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation: Upgrade to version 0.31.0 or lat...
GHSA-V9WP-8R97-V6XG Cross-Site Scripting in jquery.json-viewer
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag. This allows attackers to create malicious links with JSON payloads such as: "foo":...
GHSA-C53X-WWX2-PG96 Cross-Site Scripting in @berslucas/liljs
Versions of @berslucas/liljs prior to 1.0.2 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation: Upgrade to version 1.0.2 or later...
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...
Cross site scripting
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...
GHSA-3QH4-R86R-GRVM Arbitrary JavaScript Execution in typed-function
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation: Upgrade to version 0.10.6 or later...
GHSA-9PR3-7449-977R Cross-Site Scripting in express-cart
All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation: No fix is currently...
Cross-Site Scripting in express-cart
All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation: No fix is currently...
Cross-Site Scripting in highcharts
Versions of highcharts prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize href values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser if they click the link...
WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS
Multiple stored cross-site scripting vulnerabilities in WP Customer Reviews 3.4.2 and lower allow remote attackers to inject arbitrary JavaScript code or HTML. PoC: If WP Customer Reviews is enabled on a page, an unauthenticated attacker can exploit XSS via review form's parameters: - Reviewer Nam...
Cross-Site Scripting (XSS)
tinymce is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser when the library is configured in classic editing mode. The stripping and sanitization logic of TinyMCE can be bypassed using nested and non-terminated HTML tags,...
Cross-Site Scripting (XSS)
prismjs is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript via the easing preview of the Previewers plugin...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting. The agent name in the build time trend page is not validated, allowing an attacker to inject and execute arbitrary JavaScript in a user's browser...
Cross site scripting
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2020-4542
The CVE-2020-4542 entry describes a cross-site scripting vulnerability in IBM Jazz Foundation and IBM Engineering products, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products/versions include IBM RQM (6...