
185 matches found

Debian CVE
added 2023/09/05 8:43 p.m., 21 views

CVE-2023-39360

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data. The vulnerability is found in graphsnew.php. Several validations are performed, but the...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00767
Exploits: 1
AlpineLinux
added 2023/09/05 8:35 p.m., 34 views

CVE-2023-39512

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00713
Exploits: 1, References: 5
AlpineLinux
added 2023/09/05 8:15 p.m., 33 views

CVE-2023-39513

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

CVSS: 6.1, AI score: 7, EPSS: 0.00769
Exploits: 1, References: 6
OSV
added 2023/09/05 8:15 p.m., 20 views

CVE-2023-39513 Stored Cross-site Scripting on host.php verbose data-query debug view in Cacti

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00769
Exploits: 1, References: 8
OSV
added 2023/07/10 9:54 p.m., 24 views

GHSA-8C6X-G4FW-8RF4 Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

Impact: A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function. However, autoescape=True was missing when setting the environment. Although the actual impact is low, considering the HTML file is being viewed offlin...

CVSS: 5.4, AI score: 5.2
Exploits: 0, References: 3
Github Security Blog
added 2023/07/10 9:54 p.m., 17 views

Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

Impact: A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function. However, autoescape=True was missing when setting the environment. Although the actual impact is low, considering the HTML file is being viewed offlin...

AI score: 5.4
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2023/04/15 12:00 a.m., 19 views

XWiki Commons cross-site scripting vulnerability

XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the fact that when the parameter content is set to true, the RSS macro bundled with XWiki contains the content of feed items without any...

CVSS: 9, AI score: 7.8, EPSS: 0.01393
Exploits: 1, References: 4
NVD
added 2023/01/18 9:15 p.m., 30 views

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...

CVSS: 8.8, AI score: 8.6, EPSS: 0.01743
Exploits: 3, References: 3
CVE
added 2023/01/18 12:00 a.m., 56 views

CVE-2022-45928

OpenText Content Suite Platform 22.1 (16.2.19.1803) is affected by a remote OScript execution vulnerability. Multiple endpoints accept the htmlFile parameter, which is processed in the HTML rendering pipeline and can trigger Oscript code execution in the Content Server. The underlying risk is tha...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01743
Exploits: 3, References: 3, Affected Software: 1
Prion
added 2022/11/15 3:15 p.m., 19 views

Design/Logic Flaw

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS)...

CVSS: 5.8, AI score: 6.3, EPSS: 0.00271
Exploits: 0, References: 1, Affected Software: 2
Veracode
added 2022/08/20 9:46 a.m., 25 views

Cross-site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting (XSS) attacks. The HTML output generated for new symbol-based SVG icons includes the title attribute of l:ionicon and alt attribute of l:icon without further escaping, resulting in a cross-site scripting (XSS) vulnerability...

CVSS: 5.4, AI score: 5.9, EPSS: 0.01351
Exploits: 0, References: 3, Affected Software: 1
Fedora
added 2022/07/17 1:16 a.m., 21 views

[SECURITY] Fedora 35 Update: htmltest-0.15.0-3.fc35

htmltest runs your HTML output through a series of checks to ensure all your links, images, scripts references work, your alt tags are filled in, et cetera...

CVSS: 9.3, AI score: 0.3, EPSS: 0.05994
Exploits: 4
OSV
added 2022/06/23 5:15 p.m., 26 views

CVE-2022-34171

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping,...

CVSS: 5.4, AI score: 5.2
Exploits: 0, References: 1
Prion
added 2022/06/23 5:15 p.m., 28 views

Cross site scripting

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping,...

CVSS: 4.3, AI score: 5.3, EPSS: 0.01351
Exploits: 0, References: 1, Affected Software: 1
AlpineLinux
added 2022/06/22 2:40 p.m., 74 views

CVE-2022-34171

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping,...

CVSS: 5.4, AI score: 5.6, EPSS: 0.01351
Exploits: 0
OSV
added 2022/04/22 8:25 p.m., 13 views

GHSA-CF4Q-4CQR-7G7W SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc

xml2rfc allows script elements in SVG sources. In HTML output, having these script elements can lead to XSS attacks. Sample XML snippet: Impact: This vulnerability impacts websites that publish HTML drafts and RFCs. Patches: This has been fixed in version 3.12.4. Workarounds: If SVG source is...

AI score: 5.9
Exploits: 0, References: 2
Github Security Blog
added 2022/04/22 8:25 p.m., 25 views

SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc

xml2rfc allows script elements in SVG sources. In HTML output, having these script elements can lead to XSS attacks. Sample XML snippet: Impact: This vulnerability impacts websites that publish HTML drafts and RFCs. Patches: This has been fixed in version 3.12.4. Workarounds: If SVG source is...

AI score: 5.9
Exploits: 0, References: 2, Affected Software: 1
Kitploit
added 2021/10/31 11:30 a.m., 33 views

PeTeReport - An Open-Source Application Vulnerability Reporting Tool

PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts by simplifying the task of writing and generating reports. Focused on product security, the tool helps security researchers and pentesters to provide detaile...

AI score: 7.2
Exploits: 0, References: 8
Github Security Blog
added 2021/09/02 5:16 p.m., 31 views

CSRF token exposure in TYPO3 extension

When using the CsrfTokenViewHelper the extension discloses the user's session identifier to HTML output without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...

CVSS: 7.5, AI score: 7, EPSS: 0.01013
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/08/30 4:25 p.m., 12 views

GHSA-HF6P-4RV2-9QRP Path Traversal in bikeshed

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output...

CVSS: 5.5, AI score: 7.4, EPSS: 0.01106
Exploits: 1, References: 5