3290 matches found

NVD
added 2020/03/04 7:15 p.m., 11 views

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

CVSS 5.4, AI score 5.2, EPSS 0.01867
Exploits: 1, References: 4
Prion
added 2020/03/04 7:15 p.m., 18 views

Cross site scripting

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

CVSS 3.5, AI score 5.2, EPSS 0.01867
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2020/03/04 1:27 a.m., 10 views

Cross-site Scripting (XSS)

Cross-Origin Resource Sharing (CORS) Filter is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the returned exception messages in 'CORSOriginDeniedException' reflect the origin in the request header, allowing an attacker to inject and execute arbitrary Javascript to...

AI score 4.1
Exploits: 0
ATTACKERKB
added 2020/03/04 12:0 a.m., 22 views

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. Recent assessments: kevthehermit at March 05, 2020 10:29am UTC reported: This plugin i...

CVSS 4.8, AI score 1.5, EPSS 0.03591
Exploits: 5, References: 6
Prion
added 2020/02/28 9:15 p.m., 16 views

Cross site scripting

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications and...

CVSS 3.5, AI score 5.4, EPSS 0.01024
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2020/02/25 5:15 p.m., 32 views

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 4.8, AI score 5.1, EPSS 0.01355
Exploits: 0, References: 2
NVD
added 2020/02/25 5:15 p.m., 24 views

CVE-2020-9334

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 5.4, AI score 5.3, EPSS 0.00778
Exploits: 0, References: 2
Prion
added 2020/02/25 5:15 p.m., 27 views

Cross site scripting

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 3.5, AI score 4.9, EPSS 0.01355
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2020/02/25 12:0 a.m., 14 views

Envira Photo Gallery < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS) Issue

A stored XSS vulnerability exists in the version of the plugin 1.7.6. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary javascript code into the plugin gallery image which is viewed by other users...

CVSS 3.5, AI score 3.7, EPSS 0.00778
Exploits: 0, Affected Software: 1
NVD
added 2020/02/20 10:15 p.m., 20 views

CVE-2020-9003

A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 5.4, AI score 5.3, EPSS 0.01042
Exploits: 0, References: 4
Cvelist
added 2020/02/20 9:52 p.m., 19 views

CVE-2020-9003

A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

AI score 5.3, EPSS 0.01042
Exploits: 0, References: 4
Veracode
added 2020/02/18 3:49 a.m., 20 views

Cross-Site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript into a user's browser via the login and custom forms...

CVSS 6.1, AI score 4.7, EPSS 0.00685
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2020/02/18 12:28 a.m., 35 views

Cross-Site Scripting (XSS)

firefox is vulnerable to cross-site scripting (XSS). Incorrect parsing of template tag allows a remote attacker to inject and execute arbitrary Javascript in a user's browser...

CVSS 6.1, AI score 5.5, EPSS 0.02056
Exploits: 0, References: 11, Affected Software: 5
Veracode
added 2020/02/13 10:24 a.m., 21 views

Cross-Site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the introeditortext parameter or the TinyMCE HTML editor...

CVSS 5.4, AI score 2.8, EPSS 0.00791
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2020/02/05 9:14 a.m., 41 views

CVE-2019-10178

It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...

CVSS 6.1, AI score 3.2, EPSS 0.00961
Exploits: 0, References: 3
IBM Security Bulletins
added 2020/02/05 12:53 a.m., 21 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892)

Summary: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...

CVSS 5.4, AI score 0.8, EPSS 0.00615
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:53 a.m., 20 views

Security Bulletin: IBM Sterling B2B Integrator Is Vulnerable to Cross-site Scripting Due to the Vulnerability of 10x (CVE-2016-5892)

Summary: IBM Sterling B2B Integrator is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...

CVSS 5.4, AI score 1.7, EPSS 0.00615
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:53 a.m., 27 views

Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator

Summary: IBM Sterling B2B Integrator Standard Edition has addressed the cross-site scripting vulnerabilities. Vulnerability Details: CVEID: CVE-2019-4073. DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrar...

CVSS 5.4, AI score 1.4, EPSS 0.00987
Exploits: 0, Affected Software: 1
Veracode
added 2020/02/04 6:6 a.m., 8 views

Cross-Site Scripting (XSS)

erubis is vulnerable to cross-site scripting (XSS). The single quote character ' is not validated and allows a remote attacker to inject and execute arbitrary Javascript in a user's browser via a template source and a malicious XML document...

AI score 4
Exploits: 0
Veracode
added 2020/02/03 7:21 a.m., 16 views

Cross-Site Scripting (XSS)

Auth0-Lock is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript into a user's browser via the placeholder property. Customers using the additionalSignUpFields customization option are affected...

CVSS 6.1, AI score 6.1, EPSS 0.00724
Exploits: 1, References: 3, Affected Software: 1