CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals in online documentation generated using Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific...

CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals in online documentation generated using Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific...

Syncro Soft Oxygen XML WebHelp 跨站脚本漏洞

Syncro Soft Oxygen XML WebHelp is used by Syncro Soft Romania to convert DITA and DocBook resources to WebHelp output. A security vulnerability exists in Syncro Soft Oxygen XML WebHelp versions prior to 22.1 build 2021082006, 23.x prior to 23.1 build 2021090310, which stems from an XSS...

Adobe RoboHelp 跨站脚本漏洞

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...

CVE-2022-23713

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVE-2022-23713

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

Cross site scripting

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

CVE-2022-23713

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

Thinkst Canarytokens 跨站脚本漏洞

Thinkst Canarytokens is a web activity tracking system. Thinkst Canarytokens suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute Javascript code...

Ember.js 跨站脚本漏洞

Tilde Ember.js is an open source web application framework for JavaScript from Tilde, Inc. in the United States. A security vulnerability exists in Ember.js. An attacker can exploit this vulnerability to execute arbitrary JavaScrip scripts...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-59953)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...

Mozilla Firefox 跨站脚本漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...

CVE-2022-31065

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...

CVE-2022-31064 Cross site scripting in username that will trigger by sending chat

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker with xss in the name starts a chat. in the victim's client the JavaScript will be executed...

WordPress plugin Nested Pages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin version prior to 3.1.21 has a cross-site scripting vulnerability that...

Design/Logic Flaw

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

Wire 跨站脚本漏洞

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...

Cross site scripting

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, filedownload.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...

Rails 跨站脚本漏洞

Rails is a set of Rails team based on the Ruby language open source web application framework. Rails suffers from a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker can exploit the vulnerability to...