Cross site scripting

Cross-site scripting XSS in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...

CVE-2018-6013

Cross-site scripting XSS in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...

CVE-2018-5950

Cross-site scripting XSS vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...

CVE-2018-6013

CVE-2018-6013 is an XSS vulnerability in BigTree CMS 4.2.19. The issue exists in core/admin/ajax/developer/extensions/file-browser.php, where the directory parameter can be used by remote attackers to inject arbitrary web script or HTML. The description across multiple sources confirms impact is ...

CVE-2014-6027

Multiple cross-site scripting XSS vulnerabilities in TorrentFlux 2.4 allow 1 remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or 2 remote authenticated users to inject arbitrary web script or HTML via vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...

CVE-2018-5690

Cross-site scripting XSS vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter aka the page limit number...

CVE-2012-6670

Multiple cross-site scripting XSS vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in 1 actions/nominatemedal.php or 2 actions/requestmedal.php...

CVE-2012-6670

Multiple cross-site scripting XSS vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in 1 actions/nominatemedal.php or 2 actions/requestmedal.php...

Cross site scripting

Cross-site scripting XSS vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action...

CVE-2017-16878

Cross-site scripting XSS vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration...

CVE-2017-15941

Cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration...

CVE-2017-16878

Cross-site scripting XSS vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration...

Cross site scripting

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

CVE-2017-1000425

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

CVE-2017-5934

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-16876

Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...

PYSEC-2017-18

Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...

CVE-2017-16876

Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...