Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

Cross-site scripting in jspdf

Overview In jspdf before version 2.0.0 it is possible to inject JavaScript code via the html method. Recommendation Upgrade to version 2.0.0 or later References - CVE - GitHub Advisory...

CVE-2021-24290

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages...

CVE-2021-24290

Store Locator Plus for WordPress (plugin) versions up to 5.5.15 are affected by an unauthenticated stored cross-site scripting (XSS) vulnerability. The CVE describes multiple endpoints that could allow an attacker to inject malicious JavaScript into pages. Affected component: the WordPress plugin...

CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

Design/Logic Flaw

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

UBUNTU-CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

CVE-2019-14827

CVE-2019-14827 concerns Moodle where JavaScript injection is possible in some Mustache templates due to recursive rendering from contexts. The root cause is that Mustache helper tags in template contexts were not escaped before being injected into another Mustache helper, enabling potential scrip...

CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

IBM QRadar SIEM Cross-Site Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...

Sourcecodester Equipment Inventory System Cross-Site Scripting Vulnerability

Sourcecodester Equipment Inventory System is a Sourcecodester open source application. It is used to organize and track its equipment. Sourcecodester Equipment Inventory System 1.0 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary javascrip...

Huawei P30 JavaScript injection vulnerability

Huawei P30 is a smartphone from Huawei China.The Huawei P30 is vulnerable to JavaScript injection, which can be exploited by attackers to launch JavaScript injection by sending malicious application requests...

SuiteCRM Cross-Site Scripting Vulnerability (CNVD-2021-33995)

SuiteCRM is a free open source customer relationship management application. A cross-site scripting vulnerability exists in the customer account page of SuiteCRM versions prior to 7.11.19. An attacker can exploit the vulnerability to inject JavaScript via the name field...

CVE-2021-30172

Special characters of picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out Reflected XSS Cross-site scripting attacks, additionally access and manipulate customer’s...

CVE-2021-30170

Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS Stored Cross-site scripting attacks, additionally access and manipulate customer’s information...

CVE-2020-29444

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...

CVE-2020-29444

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters...

XSS in fieldID - CVE 2021-26079

The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. Affected...

竣禾科技 ERP POS 跨站脚本漏洞

Junghwa Technology ERP POS System is an application software of China Junghwa Technology Co. system used for ERP management. ERP POS suffers from a cross-site scripting vulnerability that originates from special characters on the customer profile page not being filtered during user input, which...