54 matches found

Snyk
added 2026/06/09 10:23 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the notification emails. An attacker can inject arbitrary HTML content into emails sent to other users by submitting specially crafted input. Details: Cross-site scripting or XSS is a code vulnerability that...

CVSS 5.4 | AI score 5.1 | EPSS 0.0035
Exploits: 0 | References: 2
Snyk
added 2026/05/05 9:28 p.m., 6 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the /pagepreview page. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious scripts. Details: Cross-site scripting or XSS is a code vulnerability that occurs...

CVSS 6.1 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 2
Snyk
added 2026/04/10 3:34 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

CVSS 5.4 | AI score 5.3 | EPSS 0.00195
Exploits: 1 | References: 2
Snyk
added 2026/03/31 11:2 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the destination parameter rendered on the challenge page using text/template. An attacker can execute arbitrary JavaScript in the context of the victim's browser by supplying a crafted value that breaks out ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 2
Snyk
added 2026/03/26 8:33 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the web page generation process. An attacker can execute arbitrary scripts in the context of a user's browser by supplying crafted input that is not properly neutralized. Details: Cross-site scripting or XSS i...

CVSS 6.1 | AI score 6.4 | EPSS 0.00226
Exploits: 1 | References: 3
Snyk
added 2026/03/10 1:20 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the nohtml configuration option not applying to SVG files. An attacker can execute arbitrary JavaScript code in the context of the user who opens a malicious SVG by uploading a crafted SVG file containing...

CVSS 5.4 | AI score 5.7 | EPSS 0.00323
Exploits: 0 | References: 2
Snyk
added 2026/03/10 12:56 a.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the notification email process. An attacker can mislead recipients into visiting attacker-controlled domains by setting a specially crafted nickname that is rendered as a clickable link in notification email...

CVSS 5.1 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 2
Snyk
added 2026/02/24 12:19 a.m., 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the device image upload. An attacker can execute arbitrary JavaScript in the context of other users' browsers by uploading a crafted SVG file containing malicious scripts. Details: Cross-site scripting or XSS...

CVSS 8.7 | AI score 5.9 | EPSS 0.00273
Exploits: 1 | References: 2
Snyk
added 2025/12/15 12:30 a.m., 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the \authentication\ file. An attacker can inject and execute arbitrary scripts by submitting crafted input to the affected endpoint. Details: Cross-site scripting or XSS is a code vulnerability that occurs...

CVSS 6.1 | AI score 5.4 | EPSS 0.00392
Exploits: 1 | References: 2
Snyk
added 2025/11/30 3:41 a.m., 3 views

Cross-site Scripting (XSS)

Overview: tryton-sao is a Tryton webclient. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search completion process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is not properly escaped...

CVSS 5.4 | AI score 5.3 | EPSS 0.00138
Exploits: 0 | References: 2
Snyk
added 2025/11/27 12:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via widget URLs in the skywalking-ui component. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious content into stored data that is later rendered in the web...

CVSS 6.1 | AI score 5.3 | EPSS 0.00614
Exploits: 0 | References: 2
EUVD
added 2025/11/26 2:44 p.m., 5 views

EUVD-2025-199720

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

CVSS 7.7 | AI score 6.8 | EPSS 0.00301
Exploits: 1 | References: 5
Snyk
added 2025/10/31 6:31 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the selectedLanguageId parameter. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input to this parameter. Details: Cross-site scripting or XSS is a code vulnerability that...

CVSS 6.1 | AI score 5.5 | EPSS 0.00196
Exploits: 0 | References: 2
Snyk
added 2025/10/20 8:42 p.m., 3 views

Cross-site Scripting (XSS)

Overview: taguette is a free and open source qualitative research tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...

CVSS 5.4 | AI score 5.5 | EPSS 0.00161
Exploits: 0 | References: 2
Snyk
added 2025/10/18 5:0 a.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of user-supplied input in printFilterValue. An attacker can execute arbitrary JavaScript in the context of users viewing affected pages by injecting malicious scripts through crafted input...

CVSS 6.9 | AI score 5.5 | EPSS 0.00409
Exploits: 0 | References: 2
Snyk
added 2025/10/08 8:33 p.m., 6 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of user-supplied metadata fields such as title, description, subject, and others. An attacker can execute arbitrary HTML or JavaScript in the context of a user's browser by injecting malicious...

CVSS 5.4 | AI score 5.7 | EPSS 0.00194
Exploits: 0 | References: 2
Snyk
added 2025/08/23 3:30 a.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the components tab. An attacker can execute arbitrary web script or HTML by injecting malicious content that is rendered in the user's browser. Details: Cross-site scripting or XSS is a code vulnerability tha...

CVSS 6.1 | AI score 5.3 | EPSS 0.00209
Exploits: 0 | References: 2
Snyk
added 2025/08/18 9:31 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in message board threads and categories. An attacker can execute arbitrary JavaScript code in the context of another user by injecting malicious scripts into these fields. Details: Cross-site scripting or XSS is ...

CVSS 6.9 | AI score 5.4 | EPSS 0.00199
Exploits: 0 | References: 2
Snyk
added 2025/06/13 2:9 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the userDate function. An attacker can inject arbitrary HTML into the DOM by editing interface messages that are rendered as raw HTML. This is only exploitable if a user has the editinterface right but not t...

CVSS 8.5 | AI score 5.4 | EPSS 0.0035
Exploits: 1 | References: 2
Snyk
added 2025/06/02 3:46 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the title parameter in the URL /admin.php?m=config&n=edit&o=core&p=title. An attacker can inject malicious scripts from the admin interface by crafting a malicious title value. Note:...

CVSS 5.4 | AI score 5.3 | EPSS 0.00223
Exploits: 1 | References: 2