
536 matches found

Vulnrichment
added 2020/09/24 1:31 p.m., 11 views

CVE-2020-12817

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors...

AI score: 6.7, EPSS: 0.00435
Exploits: 0, References: 1

Cvelist
added 2020/09/24 1:31 p.m., 14 views

CVE-2020-12817

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors...

AI score: 8.3, EPSS: 0.00435
Exploits: 0, References: 1

ICS
added 2020/09/08 12:0 a.m., 30 views

Siemens Polarion Subversion Webclient

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Polarion Subversion Webclient Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Cross-site Request Forgery (CSRF) 2. RISK EVALUATION...

CVSS: 8.1, AI score: 7.5, EPSS: 0.00359
Exploits: 0, References: 9

BDU FSTEC
added 2020/08/19 12:0 a.m., 1 views

The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.

The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...

CVSS: 6.5, AI score: 6.6, EPSS: 0.05566
Exploits: 0, References: 6, Affected Software: 3

BDU FSTEC
added 2020/08/19 12:0 a.m., 3 views

The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.

The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise data integrity...

CVSS: 6.5, AI score: 6.1, EPSS: 0.06854
Exploits: 0, References: 6, Affected Software: 3

Veracode
added 2020/08/17 3:56 a.m., 18 views

Cross-Site Scripting (XSS)

tinymce is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser when the library is configured in classic editing mode. The stripping and sanitization logic of TinyMCE can be bypassed using nested and non-terminated HTML tags,...

CVSS: 6.1, AI score: 1.7, EPSS: 0.00283
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2020/05/20 4:18 p.m., 688 views

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00889
Exploits: 4, References: 12, Affected Software: 3

OSV
added 2020/05/20 4:18 p.m., 144 views

GHSA-Q4M3-2J7H-F7XW Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00889
Exploits: 4, References: 12

RubySec
added 2020/05/20 12:0 a.m., 24 views

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

CVSS: 6.1, AI score: 7.4, EPSS: 0.00889
Exploits: 4, References: 1, Affected Software: 1

Prion
added 2020/05/19 9:15 p.m., 26 views

Cross site scripting

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00889
Exploits: 4, References: 4, Affected Software: 4

UbuntuCve
added 2020/05/19 9:15 p.m., 120 views

CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00889
Exploits: 4, References: 2

Debian CVE
added 2020/05/19 12:0 a.m., 47 views

CVE-2020-7656

Removed by vendor...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00889
Exploits: 4

Hacker One
added 2020/02/27 9:46 p.m., 39 views

GitLab: Stored XSS in blob viewer

Summary I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rendering graphical representation of the openapi's content. It also...

AI score: 1.1
Exploits: 0

Veracode
added 2020/02/24 3:58 a.m., 16 views

Cross-site Scripting (XSS)

johnpbloch/wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists through a flawed sanitizing mechanism where wp_filter_post_kses is used instead of wp_filter_kses, allowing HTML tags to be passed and interpreted...

AI score: 0.1
Exploits: 0

Tenable Nessus
added 2020/01/15 12:0 a.m., 42 views

Scientific Linux Security Update : firefox on SL7.x x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

CVSS: 8.8, AI score: 8.1, EPSS: 0.56192
Exploits: 8, References: 6

Tenable Nessus
added 2020/01/15 12:0 a.m., 28 views

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200113)

This update upgrades Firefox to version 68.4.1 ESR. Security Fixes : - Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement CVE-2019-17026 - Mozilla: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 - Mozilla: Type Confusion in XPCVariant.cpp...

CVSS: 8.8, AI score: 8.1, EPSS: 0.56192
Exploits: 8, References: 6

Mageia
added 2020/01/11 11:52 p.m., 43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...

CVSS: 8.8, AI score: 1.8, EPSS: 0.56192
Exploits: 8, References: 4

Prion
added 2019/12/31 9:15 p.m., 19 views

Cross site scripting

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "scriptpayload", or in an image tag, with the payload as the onerror event...

CVSS: 4.3, AI score: 6, EPSS: 0.00373
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/12/31 8:42 p.m., 17 views

CVE-2015-5593

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "scriptpayload", or in an image tag, with the payload as the onerror event...

AI score: 6.1, EPSS: 0.00373
Exploits: 1, References: 3

ICS
added 2019/12/10 12:0 a.m., 50 views

Siemens XHQ Operations Intelligence

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script-Related HTML Tags in a Web Page, Improper Input Validation 2. RISK...

CVSS: 9.1, AI score: 7.8, EPSS: 0.00369
Exploits: 0, References: 9