Cross-site Scripting (XSS)

vuejs is vulnerable to cross-site scripting XSS attacks. These attacks are possible when rendering html attributes...

[20170404] - Core - XSS Vulnerability

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components...

Field Group - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-001

Field Group module enables you to group fields on entity forms and entity displays. When adding a HTML element as group, the user has the option to add custom HTML attributes on the group. Via this option, a malicious user can embed scripts within the page, resulting in a Cross-site Scripting XSS...

Cross site scripting

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting XSS protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."...

The vulnerability of the Microsoft Edge browser, which allows a hacker to bypass the protection against cross-site scripting attacks

The vulnerability of Microsoft Edge exists due to a flaw in the process of checking HTML attributes. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...

Microsoft Edge Arbitrary Script Code Execution Vulnerability

Microsoft Edge is one of the latest WEB browsers. Microsoft Edge does not disable HTML attributes in HTTP response data, allowing remote attackers to exploit the vulnerability. A special WEB page is constructed to trick the user into loading it, which can execute arbitrary script code...

CVE-2015-6058

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting XSS protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."...

CVE-2015-6058

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting XSS protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."...

Microsoft Internet Explorer mergeAttributes Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

WordPress 4.2 stored XSS

OVERVIEW ========== Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverag...

WordPress 4.2 Cross Site Scripting

Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverage the...

PT-2012-4111

Name of the Vulnerable Software and Affected Versions WinWebMail Server version 3.8.1.6 Description The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, crafted Cascading Style Sheets CSS expressions...

Cross site scripting

Cross-site scripting XSS vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes...

CVE-2009-1714

Cross-site scripting XSS vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes...

drupal -- cross-site scripting

The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...

SA-CORE-2009-005 - Drupal core - Cross site scripting

When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...

CVE-2007-5806

Cross-site scripting XSS vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the 1 mailing or 2 forum component, as demonstrated using the style and...

Cross site scripting

Cross-site scripting XSS vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the 1 mailing or 2 forum component, as demonstrated using the style and...

CVE-2007-3891

Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes...

CVE-2007-3033

Cross-site scripting XSS vulnerability in Windows Vista Feed Headlines Gadget aka Sidebar RSS Feeds Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zo...