20 matches found
GitLab 18.6 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1282)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject...
CVE-2024-53988 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-22229
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromises log integrity. A malicious...
CVE-2022-23519 Possible XSS vulnerability with certain configurations of rails-html-sanitizer
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...
PT-2020-4315 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint...
PT-2020-4016 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a...
PT-2020-4015 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a...
PT-2020-4151 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a...
CVE-2020-1580
A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
PT-2020-3661 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests to an affected Dynamics server. An authenticated attacker could...
PT-2020-3797 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: A spoofing issue exists due to improper sanitization of specially crafted web requests to an affected SharePoint server. An authenticated attacker could exploit this by...
PT-2020-3978 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This could allow a remote attacker to perform cross-site scripting...
PT-2020-1921 · Microsoft · Sharepoint Server +2
Name of the Vulnerable Software and Affected Versions: Microsoft Business Productivity Servers versions: affected versions not specified; SharePoint Enterprise Server versions: affected versions not specified; SharePoint Foundation versions: affected versions not specified. Description: The issue is...
PT-2020-1802 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: A cross-site scripting (XSS) issue exists due to improper sanitization of specially crafted web requests. This could allow a remote attacker to perform cross-site scriptin...
CVE-2019-19830
core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...
CVE-2019-1036
A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
CVE-2013-6964
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors...
Frame spoofing using document.open() — Mozilla
shutdown demonstrated a way to inject content into a sub-frame of another site using targetWindow.frames[n].document.open, making the attacker's content look like it was part of the victim site. Similar in effect to MFSA 2005-51...