
5082 matches found

wpexploit
added 2023/05/22 12:0 a.m. · 134 views

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: The plugin requires WPBakery Page...

5.4 CVSS · 6 AI score · 0.00444 EPSS
Exploits: 2

Veracode
added 2023/05/16 7:5 a.m. · 16 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in setName of Rule.php due to improper sanitization of input name parameter which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS · 6.8 AI score · 0.00508 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Veracode
added 2023/05/12 1:7 p.m. · 17 views

Cross-Site Scripting (XSS)

editor.md is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in filterHTMLTags function at editormd.js because the inputs are not properly filtered which allows an attacker to inject and execute arbitrary JavaScript...

6.1 CVSS · 6.2 AI score · 0.00414 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2023/05/10 12:0 a.m. · 5 views

BoxBilling Cross-Site Scripting Vulnerability

BoxBilling is open source billing and customer management software for BoxBilling individual developers. A cross-site scripting vulnerability exists in BoxBilling versions 4.19,4.19.1,4.20,4.21, which stems from arbitrary code that can be run via a form for submitting a new ticket. An attacker ca...

6.1 CVSS · 6.2 AI score · 0.00514 EPSS
Exploits: 1 · References: 1

NVD
added 2023/05/09 4:15 p.m. · 28 views

CVE-2023-32066

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits: 0 · References: 2

Veracode
added 2023/05/08 8:55 a.m. · 19 views

Cross-Site Scripting (XSS)

wwbn/avideo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in success parameter of script.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...

6.1 CVSS · 6.1 AI score · 0.00395 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/05/08 12:0 a.m. · 4 views

PT-2025-1389 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator version 6.2.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentiall...

5.5 CVSS · 6.4 AI score · 0.00215 EPSS
Exploits: 0 · References: 8

CNNVD
added 2023/05/06 12:0 a.m. · 4 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is an integrated platform that helps business users rapidly automate all aspects of business operations at scale. A cross-site scripting vulnerability exists in IBM Business Automation Workflow versions 18.0.0.0 through 22.0.2, which can be exploited by an attacke...

5.4 CVSS · 6 AI score · 0.00371 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2023/05/03 6:36 p.m. · 5 views

CVE-2023-25827 Cross-site Scripting in OpenTSDB

Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a...

8.2 CVSS · 7.9 AI score · 0.00904 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/05/03 12:0 a.m. · 2 views

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB affected versions not specified Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

8.2 CVSS · 6.1 AI score · 0.00904 EPSS
Exploits: 0 · References: 7

Vulnrichment
added 2023/05/01 12:0 a.m. · 12 views

CVE-2023-27108

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...

5.2 AI score · 0.00567 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/04/28 12:0 a.m. · 5 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6 AI score · 0.00535 EPSS
Exploits: 1 · References: 2

Ubuntu
added 2023/04/25 10:23 a.m. · 84 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain...

9.8 CVSS · 7.5 AI score · 0.05623 EPSS
Exploits: 7

OSV
added 2023/04/25 9:30 a.m. · 22 views

GHSA-XGH5-GWQ5-RPX8 Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 6 AI score · 0.01324 EPSS
Exploits: 0 · References: 4

Github Security Blog
added 2023/04/25 9:30 a.m. · 25 views

Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4 CVSS · 6.7 AI score · 0.01324 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/04/25 12:0 a.m. · 8 views

CVE-2023-30177

CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name...

6.7 AI score · 0.00395 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/04/25 12:0 a.m. · 3 views

Pixel&tonic Craft CMS Cross-Site Scripting Vulnerability

Pixel & tonic Craft CMS is a content management system (CMS) from Pixel & tonic (USA). A security vulnerability exists in Pixel & tonic Craft CMS version 3.7.59. An attacker exploited the vulnerability to inject javascript code into Volume Name...

6.1 CVSS · 6.7 AI score · 0.00395 EPSS
Exploits: 0 · References: 3

OSV
added 2023/04/20 9:58 p.m. · 23 views

GHSA-44H9-XXVX-PG6X XWiki App Within Minutes app grants space admin rights that allows cross-site scripting

Impact: Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...

5.4 CVSS · 6.4 AI score · 0.00567 EPSS
Exploits: 1 · References: 5

Github Security Blog
added 2023/04/20 9:58 p.m. · 45 views

XWiki App Within Minutes app grants space admin rights that allows cross-site scripting

Impact: Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...

7.7 CVSS · 6.4 AI score · 0.00567 EPSS
Exploits: 1 · References: 5 · Affected Software: 2

NVD
added 2023/04/20 6:15 p.m. · 48 views

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

9 CVSS · 8.9 AI score · 0.01277 EPSS
Exploits: 1 · References: 4