536 matches found
CVE-2016-8613
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. T...
FreeBSD : wordpress -- multiple issues (4740174c-82bb-11e8-a29a-00e04c1ea73d)
wordpress developers reports: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging out. Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen. Community Events Dashboard: Always show the nearest WordCamp if one is...
wordpress -- multiple issues
wordpress developers reports: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging out. Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen. Community Events Dashboard: Always show the nearest WordCamp if one is...
Office 365 0-day vulnerability baseStriker: examples of use appear in the wild - vulnerability warning - the black bar safety net
5 October 1, Avanan researchers found a 0-day vulnerability in Office 365 named baseStriker. An attacker can exploit this vulnerability to send malicious mail, bypassing the Office 365 account security mechanisms. ! baseStriker vulnerability of the code to use the less...
CVE-2018-1000154
Zammad (version 2.3.0 and earlier) contains an Improper Neutralization of Script-Related HTML Tags in email subjects (CWE-80) that can lead to embedding/execution of JavaScript in a user’s browser, exploitable when a ticket is opened. Affected: Zammad
CVE-2013-4891
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag...
CVE-2018-5124
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1...
Cross-site Scripting (XSS)
locutus is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as strings with unpermitted HTML tags are still accepted after using strip_tags...
GHSA-Q4QQ-FM7Q-CWP5 Multiple XSS Filter Bypasses in validator
Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test Incomplete...
SmarterStats 11.3.6347 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications ---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries...
SmarterStats 11.3.6347 - Cross-Site Scripting
SmarterStats 11.3.6347 - Cross-Site Scripting ---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries...
Spoofing
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."...
Microsoft Outlook Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials. In an email attack scenario an attacker could exploit the...
Microsoft Internet Explorer CHtmTag Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Cross-Site Scripting (XSS)
brooklyn-jsgui is vulnerable to cross-site scripting (XSS) attacks. A malicious user can deploy an entity with the alert HTML tags in its name, allowing the execution of arbitrary code...
Cross-site Scripting (XSS)
nanogallery is susceptible to cross-site scripting attacks. The attack is possible because it allows custom HTML tags in fields such as the title field...
ricochet -- information disclosure
special reports: By sending a nickname with some HTML tags in a contact request, an attacker could cause Ricochet to make network requests without Tor after the request is accepted, which would reveal the user's IP address...
User Picker Custom field HTML tags showing when creating new issues
Summary: Customer reported that when creating custom field User Picker and added HTML tags in description field, text link shows correctly in Custom Field screen under Administration Setting. However when creating new issues, the create issue form for User Picker field shows the HTML code not...