7613 matches found
GHSA-9HR6-5X6G-GG5G Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...
Cross-site Scripting (XSS)
Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...
YUI Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML...
GHSA-J57P-G33W-95C5 OpenStack Horizon Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a networ...
Adobe ColdFusion 2018.x < 2018 Update 14 / 2021.x < 2021 Update 4 XSS (APSB22-22)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 14 or 2021.x update 4. It is, therefore, affected by a cross-site scripting XSS vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote...
CVE-2022-27308
A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...
CVE-2022-27330
CVE-2022-27330 describes a cross-site scripting (XSS) vulnerability in the E-Commerce Website v1.0, exploitable through a crafted payload injected into the Product Title field when using the admin URL /public/admin/index.php?add_product. The vulnerability allows execution of arbitrary web scripts...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
CVE-2022-20629 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
TYPO3 Backend vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-MQ4X-8WHH-JX73 Improper Input Validation in Mortbay Jetty
jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
GHSA-G4FC-J79Q-GJRH Alkacon OpenCms XSS via username during login
Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page...
Cross-site Scripting (XSS)
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting XSS via a crafted URL that points to Jenkins. An attacker can inject arbitrary web script or HTML by crafting a malicious URL. Details Cross-site...
GHSA-MCFM-J5G6-W26F Elgg Reflected XSS Vulnerability
VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...
Elgg Reflected XSS Vulnerability
VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...
Cisco Unified CM和Unified CM SME跨站脚本漏洞
Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. A cross-site scripting vulnerability exists in Unified CM an...
Cross site scripting
A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2022-20788 Cisco Unified Communications Products Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a...
CVE-2022-20778 Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the...