15795 matches found
CVE-2013-3375
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798...
CVE-2013-5706
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) greater than characters that are optional within a browser's...
CVE-2013-1778
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...
CVE-2013-1887
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields...
CVE-2013-1760
The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities...
CVE-2019-25148
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrato...
CVE-2019-14758
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...
CVE-2019-14760
An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's...
CVE-2019-14759
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio...
CVE-2019-14757
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...
CVE-2019-19134
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...
CVE-2019-13068
public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...
CVE-2011-5080
Cross-site scripting (XSS) vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1339
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5519
Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php...
CVE-2015-8755
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...
CVE-2019-25075
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
CVE-2019-13588
A cross-site scripting (XSS) vulnerability in getPagingStart in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter...