536 matches found
CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core
Home Assistant is an open source home automation platform. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches th...
CVE-2023-36555
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...
Design/Logic Flaw
Teedy v1.11 has a vulnerability in its text editor that allows event-handler attributes in HTML tags, which an attacker can manipulate. As a result, it is possible to execute malicious JavaScript in the web app...
CVE-2023-4663 XSS in Saphira Connect
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9...
Siemens SCALANCE X-200RNA Switch Devices Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-46350)
A vulnerability has been identified in SCALANCE X204RNA HSR (all versions < V3.2.7), SCALANCE X204RNA PRP (all versions < V3.2.7), SCALANCE X204RNA EEC HSR (all versions < V3.2.7), SCALANCE X204RNA EEC PRP (all versions < V3.2.7), SCALANCE X204RNA EEC PRP/HSR (all versions < V3.2.7). The integrated web server could...
CVE-2023-36471 HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml
XWiki Commons is the set of common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...
The vulnerability in the Go programming language exists due to missing neutralization of special elements, allowing attackers to insert arbitrary attributes into HTML tags.
The vulnerability in the Go programming language exists because special elements in unquoted HTML attributes (for example, a template action such as attr={{.}} executed with empty input) are not neutralized. Exploiting this vulnerability allows a remote malicious actor to insert arbitrary attributes into HTML tags...
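The two Go entries above describe how html/template handles a template action inside an unquoted attribute value. The following program is an added example, not code from the Go project or from any advisory: it renders the unquoted pattern next to its quoted, hardened form with constructed attacker input. The `Link` type, the template strings and the `HasEmptyUnquotedAttr` check are this example's own assumptions. On a Go release that carries the fix, html/template substitutes its `ZgotmplZ` failsafe marker for an empty unquoted value instead of emitting `href= `; on an unfixed release the first template produces the `href= title="..."` shape that a browser re-parses by taking the next attribute as the href value. Quoting the attribute avoids the problem on every release.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"regexp"
)

// Link carries two values that, in the scenario the advisory describes, an
// attacker may influence: a URL that can be left empty and a free-text title.
// (Constructed example data; not tied to any real application.)
type Link struct {
	URL   string
	Title string
}

// unquotedTmpl is the weak pattern: an action inside an unquoted attribute
// value. html/template escapes spaces, quotes and '=' in the substituted
// value, so the value itself cannot break out. The weak spot is an empty
// value, which on unfixed releases yields `href= title="..."`; an HTML parser
// then takes `title="...` as the href and reads whatever follows the first
// space in the title as further attributes, such as an event handler.
const unquotedTmpl = `<a href={{.URL}} title="{{.Title}}">link</a>`

// quotedTmpl is the hardened form: quote every attribute value in templates.
// An empty value then renders as href="" and the title stays one quoted
// attribute whatever it contains.
const quotedTmpl = `<a href="{{.URL}}" title="{{.Title}}">link</a>`

func render(tmpl string, data Link) (string, error) {
	t, err := template.New("link").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderUnquoted renders the unquoted-attribute template.
func RenderUnquoted(data Link) (string, error) { return render(unquotedTmpl, data) }

// RenderQuoted renders the quoted-attribute template.
func RenderQuoted(data Link) (string, error) { return render(quotedTmpl, data) }

// emptyUnquoted matches an attribute whose unquoted value is empty: an '='
// directly followed by whitespace or by the end of the tag.
var emptyUnquoted = regexp.MustCompile(`=[\s>]`)

// HasEmptyUnquotedAttr reports whether rendered markup contains an attribute
// with an empty unquoted value, the shape that lets a browser swallow the
// following attribute as that attribute's value.
func HasEmptyUnquotedAttr(markup string) bool {
	return emptyUnquoted.MatchString(markup)
}

func main() {
	// Constructed attacker input: an empty URL plus a title that smuggles an
	// event handler after a space.
	data := Link{URL: "", Title: "x onmouseover=alert(1)//"}
	for _, tc := range []struct {
		name string
		fn   func(Link) (string, error)
	}{{"unquoted", RenderUnquoted}, {"quoted", RenderQuoted}} {
		out, err := tc.fn(data)
		if err != nil {
			fmt.Printf("%-8s error: %v\n", tc.name, err)
			continue
		}
		fmt.Printf("%-8s %s  (empty unquoted attribute: %v)\n", tc.name, out, HasEmptyUnquotedAttr(out))
	}
}
```

The `HasEmptyUnquotedAttr` check is also usable as a cheap regression test over rendered pages: any `=` followed by whitespace or `>` in server-generated markup deserves a look, whichever template engine produced it.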
FreeBSD : Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard (79514fcd-feb4-11ed-92b5-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 79514fcd-feb4-11ed-92b5-b42e991fc52e advisory. - Kanboard is project management software that focuses on the Kanban methodology. Due to improper...
The vulnerability in the centralized identification and access control solution FortiAuthenticator lies in its failure to neutralize HTML tags, allowing attackers to carry out cross-site scripting attacks.
The vulnerability in the centralized authentication and access management solution FortiAuthenticator is related to the failure to neutralize HTML tags. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks using a password reset...
FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a React-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...
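The element-web entry above (HTML injection via plaintext highlighting in search results) is an instance of a general ordering bug: wrap highlight tags around matches in the raw message and you render whatever HTML the plaintext contains; escape after wrapping and you lose the tags. The following Go program is an added example that is not matrix-react-sdk code; the three `Highlight*` functions are hypothetical and the message is constructed. It shows the raw (vulnerable) order, a subtly broken escape-then-search variant, and the safe segment-wise approach.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// HighlightRaw is the vulnerable order: highlight markup is wrapped around
// matches in the raw message and the result is later used as HTML, so any
// tag the message already contains is rendered as well.
func HighlightRaw(text, term string) string {
	if term == "" {
		return text
	}
	return strings.ReplaceAll(text, term, "<mark>"+term+"</mark>")
}

// HighlightEscapeThenReplace looks safer but is still wrong: escaping first
// and then searching the escaped string lets a term such as "lt" match inside
// the "&lt;" entity and split it, corrupting the output.
func HighlightEscapeThenReplace(text, term string) string {
	escaped := html.EscapeString(text)
	if term == "" {
		return escaped
	}
	return strings.ReplaceAll(escaped, term, "<mark>"+term+"</mark>")
}

// HighlightSafe finds matches in the original plaintext, escapes each segment
// separately and only then adds the <mark> wrapper. Matching is byte-exact and
// case-sensitive; case folding would need rune-aware index mapping.
func HighlightSafe(text, term string) string {
	if term == "" {
		return html.EscapeString(text)
	}
	var b strings.Builder
	for {
		i := strings.Index(text, term)
		if i < 0 {
			b.WriteString(html.EscapeString(text))
			return b.String()
		}
		b.WriteString(html.EscapeString(text[:i]))
		b.WriteString("<mark>")
		b.WriteString(html.EscapeString(text[i : i+len(term)]))
		b.WriteString("</mark>")
		text = text[i+len(term):]
	}
}

func main() {
	// Constructed plaintext message carrying an HTML payload; not a real
	// Matrix event.
	msg := `<img src=x onerror=alert(1)> hello team`
	for _, term := range []string{"hello", "lt"} {
		fmt.Printf("term %q\n", term)
		fmt.Printf("  raw:                 %s\n", HighlightRaw(msg, term))
		fmt.Printf("  escape-then-replace: %s\n", HighlightEscapeThenReplace(msg, term))
		fmt.Printf("  safe:                %s\n", HighlightSafe(msg, term))
	}
}
```

The same rule applies to any UI that decorates user text (link detection, mention badges, diff colouring): locate matches in the plaintext, escape every piece, then assemble the markup.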
CVE-2023-1767
The Snyk Advisor website https://snyk.io/advisor/ was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README fi...
CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
XWiki Commons are technical libraries common to several other top-level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related HTML tags. As a result, any user able to use the HTML macro in XWiki is able to introduce an XSS attack. This can be...
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, and all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross-site scripting (XSS) attack via the...
CVE-2023-29110 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E - allows the use of HTML tags. An authorized attacker can use some basic HTML elements such as headings, basic formatting and lists, and then the attacker...
CVE-2023-1013
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS). This issue affects Vira-Investing: before 1.0.84.86...