5060 matches found
Cross-Site Scripting (XSS)
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This...
Cross-Site Scripting (XSS)
Plupload is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the id parameter to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
DotNetNuke.Core is vulnerable to cross-site scripting. Via the dnnVariable parameter to the default URI, a remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross site scripting
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
CVE-2018-14655
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
keycloak: XSS-Vulnerability with response_mode=form_post
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
Khan Academy: Cross site scripting (content-sniffing)
Your website may be vulnerable to cross site scripting attacks HTTP request: GET...
Cross-site Scripting (XSS)
primefaces is vulnerable to a cross-site scripting (XSS) attack. The library does not properly escape HTML elements, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
editor.md is vulnerable to a cross-site scripting attack. The library does not properly sanitize tags during markdown rendering, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
gwt-user is vulnerable to a cross-site scripting (XSS) attack. The library does not sanitize multiple script elements, allowing a malicious user to inject and execute arbitrary JavaScript...
Apache Syncope Cross-Site Scripting Vulnerability
Apache Syncope is an open source system for managing digital identities in enterprise environments, implemented using Java EE technology and released under the Apache 2.0 license. A stored cross-site scripting vulnerability exists in Apache Syncope. A malicious user with sufficient administrative...
GHSA-9H9C-F287-C6VP Improper Control of Interaction Frequency in Apache syncope-core
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
CVE-2018-17184
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the web interface user/ldapuser/add of the FortiOS operating system is due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code through the filter parameter...
The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.
The vulnerability of the FortiOS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...
The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS allows a hacker to inject arbitrary JavaScript or HTML code.
The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to inject any desired JavaScript or HTML code.
The vulnerability in the user interface of the FortiOS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using the “redirect” parameter...