Stored Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of HTML sanitization in the user ID when exporting to data formats supporting HTML, which allows an attacker to inject and execute arbitrary JavaScript when a user clicks on the downloaded file. Not...
Cross-site Scripting (XSS)
jsuites is vulnerable to Cross-site Scripting XSS attacks. The vulnerability exists in the dropdown function of jsuites.js file due to improper HTML sanitization, allowing an attacker to inject and execute malicious JavaScript on a victim's browser...
CVE-2021-32857 Cockpit vulnerable to Cross-site Scripting
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting XSS issues. There are no known patches for this issue...
PT-2023-12189 · Cockpit · Cockpit
Name of the Vulnerable Software and Affected Versions: Cockpit versions 0.12.2 and prior Description: Cockpit is a content management system that allows addition of content management functionality to any site. In the affected versions, bad HTML sanitization in htmleditor.js may lead to cross-sit...
SUSE CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Cross site scripting
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
Cross-site Scripting (XSS)
cakephp is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization of HTML elements in the development-only missing route and duplicate named route error pages, which can lead to JavaScript injection...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the HTML elements, which allows an attacker to inject and execute malicious JavaScript...
Internet Bug Bounty: Rails ActionView sanitize helper bypass leading to XSS using SVG tag.
Loofah versions between 2.1.0 and 2.19.1 were vulnerable to a cross-site scripting XSS attack via the image/svg+xml media type in data URIs. This allowed an attacker to bypass HTML sanitization and execute malicious code. The vulnerability was mitigated by upgrading to Loofah version 2.19.1 or...
Design/Logic Flaw
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
CVE-2022-23517
CVE-2022-23517 affects rails-html-sanitizer: older configurations (versions
DEBIAN-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
PT-2022-7454
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer versions 1.0.3 through 1.4.3 Description: The issue is related to the sanitization of HTML fragments in Rails applications when used in combination with Loofah. It allows a remote attacker to conduct cross-site scripting...
Cross-site scripting vulnerability in TinyMCE alerts
Impact: A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...
GHSA-GG8R-XJWQ-4W92 Cross-site scripting vulnerability in TinyMCE alerts
Impact: A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...