Improper Input Validation in Jupyter Notebook

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...

InHand Networks InRouter302跨站脚本漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A cross-site scripting vulnerability exists in InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to cause arbitrary Javascript code...

GHSA-QQR6-VM23-M488 Galaxy cross-site scripting (XSS)

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting XSS attacks. In this form of attack,...

Keycloak vulnerable to cross-site scripting via the state parameter

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using responsemode=formpost it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

GHSA-WQJJ-C9CX-Q7CF Jenkins Lockable Resources Plugin XSS vulnerability

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...

Jenkins Lockable Resources Plugin XSS vulnerability

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...

CVE-2022-21238

A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability...

InHand Networks InRouter302 跨站脚本漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A cross-site scripting vulnerability exists in InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to cause arbitrary Javascript code...

CVE-2021-39059

IBM Jazz Foundation IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

Cross site scripting

IBM Jazz Foundation IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

FacturaScripts Cross-Site Scripting Vulnerability (CNVD-2022-76230)

FacturaScripts is an ERP software. cross-site scripting vulnerability exists in versions prior to FacturaScripts 2022.07, which can be exploited by attackers to execute arbitrary javascript code, steal user cookies, execute HTTP requests, obtain "same-origin " page content, etc...

Cross-Site Scripting (XSS)

auth0-lock is vulnerable to cross-site scripting. The vulnerability exists in signUp function in actions.js due to lack of sanitization in the additional sign-up fields which allows an attacker to inject and execute arbitrary javascript...

WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS Authenticated Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A cross site scripting reflected...

FacturaScripts 跨站脚本漏洞

FacturaScripts is an ERP software. cross-site scripting vulnerability exists in versions prior to FacturaScripts 2022.07, which can be exploited by attackers to execute arbitrary javascript code, steal user cookies, execute HTTP requests, obtain "same-origin " page content, etc...

Cross site scripting

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

Cross-Site Scripting (XSS)

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript...

GHSA-9W7H-3WWH-6M5Q Cross-site Scripting in Microweber

Microweber prior to 1.2.15 is vulnerable to reflected cross-site scripting on demo.microweber.org/demo/module/. This allows the execution of arbitrary JavaScript as the attacked user...

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...

CVE-2022-1439

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...

Cross site scripting

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction...