CVE-2020-5592

Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors...

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-20277)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...

CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

CVE-2020-13271

Removed by vendor...

Cross-site Request Forgery (CSRF)

bolt/bolt is vulnerable to cross-site request forgery. The vulnerability exists as it accepts requests without a valid token in the preview generating endpoint in src/Controller/Frontend.php which allows an attacker to inject and execute arbitrary javascript...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32614)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32615)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32613)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

CVE-2020-7011

Elastic App Search versions before 7.7.0 contain a cross site scripting XSS flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they...

IBM Planning Analytics Cross-Site Scripting Vulnerability (CNVD-2020-32657)

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics. An attacker can exploit thi...

CVE-2020-4503

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283...

Cross-Site Scripting (XSS)

com.liferay.portal.search.web is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the curUserName parameter...

Cross-Site Scripting (XSS)

com.liferay.frontend.js.spa.web is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Liferay.SPA.loginRedirect parameter...

Urban Dictionary: DOM XSS through ads

Multiple ads hosted on www.urbandictionary.com make the www.urbandictionary.com origin vulnerable to DOM XSS. Attached is an image of alertdocument.domain executing. The injection works in Firefox and Chrome. Visiting the following URL will probably cause an alert box displaying the document.doma...

Cross-Site Scripting (XSS)

portal-web is vulnerable to cross-site scripting. Lack of output sanitization allows a remote attacker to inject and execute arbitrary Javascript in a user's browser...

Cross-site Scripting (XSS)

kaminari-core is vulnerable to cross-site scripting XSS. The attack is possible because of an incomplete GET param black-listing, allowing an attacker to inject and execute arbitrary Javascript via the originalscriptname parameter when a user visits pages containing pagination links...

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the OpenTSDB datasource...

Cross-Site Scripting

Overview Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary...

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...