Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the 1 tag parameter to opac-search.pl; the 2 value parameter to...

Moderate severity vulnerability that affects DotNetNuke.Core

Cross-site scripting XSS vulnerability in DotNetNuke DNN before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field...

CVE-2018-18087

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...

Cross site scripting

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...

CVE-2018-17053

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...

Cross site scripting

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php because $SERVER'PHPSELF' is mishandled...

CVE-2018-0653

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view...

CVE-2018-0657

Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service for EC-CUBE EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version...

Cross site scripting

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view...

CVE-2018-0642

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0654

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page...

CVE-2018-0657

CVE-2018-0657 is a cross-site scripting vulnerability in the EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service). The issue affects: EC-CUBE Payment Module (2.12) up to version 3.5.23 and earlier; EC-CUBE Payment Module (2.11) up to version 2.3.17 and earlier; GMO-PG Payme...

ember-source Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...

Cross site scripting

Cross-site scripting XSS vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php...

Cross site scripting

OpenEMR version v5014 contains a Cross Site Scripting XSS vulnerability in The 'file' parameter in line 43 of interface/fax/faxview.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via...

Network Weathermap Persistent Cross-Site Scripting (CVE-2013-2618)

A cross-site scripting vulnerability has been reported in Network Weathermap. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...