55 matches found
CVE-2012-4397
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified...
SUSE CVE-2011-2661
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter...
OPENSUSE-SU-2023:0083-1 Security update for nextcloud
This update for nextcloud fixes the following issues:
- Update to 23.0.12. See: https://nextcloud.com/changelog/latest23
- This also fixes security issues:
  - CVE-2022-35931: Password Policy app could generate passwords that would be blocked (boo1203190)
  - CVE-2022-39346: Missing length validation of use...
CVE-2022-39346 Missing length validation of user displayname in nextcloud server
Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names, which could allow a malicious user to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...
CVE-2020-25491
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page...
Cross site scripting
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page...
6Kare Emakin Cross-Site Scripting Vulnerability
6Kare Emakin is a Business Process Management (BPM) system from 6Kare, Turkey. A security vulnerability exists in 6Kare Emakin version 5.0.341.0, which was discovered to contain a cross-site scripting (XSS) vulnerability via the DisplayName field of /rpc/membership/setProfile...
CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...
Cross-Site Scripting (XSS)
gogs.io/gogs is vulnerable to cross-site scripting. The vulnerability exists in list.tmpl because the DisplayName is not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...
Nextcloud: Missing length validation of user displayname allows to generate an SQL error
Security advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6...
GHSA-3374-7H99-XR85 Cross-site scripting in forkcms
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
Cross-site scripting in forkcms
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the 'Add', 'Edit' or 'Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 is affected by a cross-site scripting (XSS) vulnerability in the Displayname field when using Add, Edit, or Register. The root cause is improper encoding/input handling of the Displayname field, enabling attackers to inject and execute arbitrary web scrip...
Jenkins Claim Plugin Cross-Site Scripting (CVE-2021-21619)
A stored cross-site scripting vulnerability exists in Jenkins Claim plugin. This vulnerability is due to insufficient validation of the displayName shown in claims...
Microsoft Teams Cross-Site Scripting Vulnerability
Microsoft Teams is software from the American company Microsoft for online meetings, chat, and cloud storage. A cross-site scripting vulnerability exists in the Microsoft Teams online service, which stems from a stored cross-site scripting vulnerability contained in the displayName parameter...
CVE-2020-10146
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...
CVE-2020-10146 Microsoft Teams displayName stored cross-site scripting vulnerability
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...