852 matches found
CVE-2022-2178
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saysis Computer Starcities allows Cross-Site Scripting XSS. This issue affects Starcities: before 1.1...
CVE-2022-2178
CVE-2022-2178 corresponds to a cross-site scripting (XSS) flaw in Saysis Computer Starcities prior to version 1.1, arising from improper neutralization of input during web page generation. The vulnerability could allow injection of malicious scripts when rendering pages. Affected product/version:...
CVE-2023-27294
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...
CVE-2023-27293
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...
CVE-2023-27294
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...
Apache Sling 跨站脚本漏洞
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. It is designed to create content-centric applications on JSR-170 compliant content repositories such as Apache Jackrabbit. A cross-site scripting vulnerability exists in Apache Sling 1.1.4...
CVE-2022-4092
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input...
CVE-2022-39950
An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...
Cross site scripting
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...
CVE-2021-43081
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...
CVE-2021-43081
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...
Weblate 跨站脚本漏洞
A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...
Cross site scripting
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...
CVE-2021-3853
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4169
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4139
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4132
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
PT-2021-23274 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means that the software does not properly neutralize use...
CVE-2021-4124
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...