3237 matches found
Cross-site Scripting (XSS)
Sonargraph Integration Jenkins Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the doCheckLogFile function in SonargraphReportBuilder.java because it fails to escape the file path and the project name for the Log file field form validation which allows an attacker to...
Cross-Site Scripting (XSS)
admidio/admidio is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in this library, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
CVE-2023-24031
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of the attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code...
IBM Sterling Partner Engagement Manager Cross-Site Scripting Vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Partner Engagement Manager. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI. Affected...
CVE-2023-33287
A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...
CVE-2023-33971
CVE-2023-33971 concerns the Formcreator GLPI plugin (versions 2.13.5 and earlier) with a reported stored cross-site scripting vulnerability. The issue arises from rendering with the ##FULLFORM## mechanism, which could allow arbitrary JavaScript execution in an admin/tech context. No patch is indi...
PT-2023-24270 · Atlassian · Confluence Inline Table Editing
Name of the Vulnerable Software and Affected Versions: Confluence Inline Table Editing versions prior to 3.8.0
Description: A stored cross-site scripting issue allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables.
Recommendations: For versions...
Actonic Inline Table Editing Cross-Site Scripting Vulnerability
Actonic Inline Table Editing is a multifunctional tool from Actonic, Germany. A security vulnerability exists in Actonic Inline Table Editing prior to version 3.8.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to store and execute...
Code injection
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...
Design/Logic Flaw
The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary JavaScript into the admin panel, even when the unfiltered_html capability is disabled, such as in a...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the Header and Footer parameter in settings.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...
PT-2023-17921 · WordPress · Autoptimize
Name of the Vulnerable Software and Affected Versions: Autoptimize WordPress plugin versions prior to 3.1.7
Description: The issue allows high privileged users, such as administrators, to inject arbitrary JavaScript into the admin panel. This can occur even when the unfiltered_html capability is...
Kiwi TCMS Cross-Site Scripting Vulnerability
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.3 that stems from allowing users to upload attachments to test plans, test cases, etc., which makes it possible...
Cross-Site Scripting (XSS)
concrete5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the RSS displayer which allows an attacker to inject arbitrary JavaScript code into the browser...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the settings.js file, which allows an attacker to inject arbitrary JavaScript code into the browser...