Jenkins Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813...

GHSA-W7RQ-8F2G-JVQR Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

GHSA-7GHM-FP7P-QVJQ Moodle XSS Vulnerability

Cross-site scripting XSS vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...

Django Cross-site Scripting Vulnerability

Cross-site scripting XSS vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonlyfields, as demonstrated by an @property...

GHSA-6565-FG86-6JCX Django Cross-site Scripting Vulnerability

Cross-site scripting XSS vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonlyfields, as demonstrated by an @property...

GHSA-5FQ5-PFV8-MRFV MoinMoin Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

ViMbAdmin Cross-site Scripting Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 transport parameter to domain/add; the 3 name parameter to mailbox/add/did/; the 4 goto parameter to alias/add/did/; or the 5 captchatext...

GHSA-HHFW-XXHM-PF32 ADOdb Cross-site scripting vulnerability in old test script

Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

phpMyAdmin XSS Vulnerability

Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

typo3/cms-felogin Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

GHSA-M3P9-C7P3-XXMP Mayaa Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions...

GHSA-QJMG-77XH-7MJW Loggerhead XSS via filename

Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...

Fork CMS Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...

Cross-site scripting in yui 2.4.0

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...

DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter

Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...

Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the Static Methods since 2007 div2007 extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3libdiv::quoteJSvalue function...

Umbraco CMS vulnerable to stored XSS

Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...

Djblets Cross-site scripting Vulnerability

A cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...

GHSA-6QJV-43MF-RGRH XSS in baserCMS

Cross-site scripting vulnerability in baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Gleez Cms Cross-site Scripting in Profile Page

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting XSS vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability...