Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @okmessage or (2) @errormessage parameter to issue...
CVE-2016-1000237
sanitize-html before 1.4.3 has XSS...
CVE-2019-13693
Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...
CVE-2019-13683
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
KairosDB Cross-Site Scripting Vulnerability
KairosDB is a high-speed distributed scalable temporal database based on Cassandra. A cross-site scripting vulnerability exists in view.html in KairosDB 1.2.2 and earlier versions. The vulnerability stems from the showErrorMessage in js/graph.js, and can be exploited via view.html with the...
Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials
Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that where I go to...
CVE-2019-17116
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
Design/Logic Flaw
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
DEBIAN-CVE-2019-11744
Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...
Design/Logic Flaw
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
CVE-2019-15944
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message...
CVE-2019-6002
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
eatogether.com.tw Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-910943. Security researcher Renzi, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting eatogether.com.tw website and...
CVE-2019-1003023
The Jenkins Warnings Next Generation Plugin versions 1.0.1 and earlier are vulnerable to cross-site scripting via input to the warnings parser, allowing an attacker who can control parser input to cause Jenkins to render arbitrary HTML. Affected files include DetailsTableModel.java, SourceDetail....
Spoofing
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge...
DSCMS Cross-Site Request Forgery Vulnerability
DESHANG DSCMS is a PHP and MySQL based CMS for building enterprise websites, from China's DESHANG Network Technology Company. A cross-site request forgery vulnerability exists in DESHANG DSCMS version 1.1. A remote attacker can exploit this vulnerability to perform unauthorized...
wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Versions 1.4.11 and below of the wpForo Forum WordPress Plugin were found to be vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability was due to the Plugin using the $_SERVER['REQUEST_URI'] PHP variable to create a URL string that was later output within HTML without any output encodin...
CVE-2018-0585
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...