PT-2020-5797
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.2.0 through 1.2.12; Roundcube Webmail versions 1.3.x through 1.3.15; Roundcube Webmail versions 1.4.x through 1.4.9. Description: An issue was discovered in Roundcube Webmail, where the linkref addindex function in...
CVE-2020-28210
A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could allow an attacker to inject HTML and JavaScript code into the user's browser...
CVE-2020-25702
In Moodle, it was possible to include JavaScript when renaming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in Moodle 3.9.3 and 3.10...
CVE-2020-25702
CVE-2020-25702 affects Moodle: JavaScript can be included when renaming content bank items in versions 3.9 through 3.9.2. The issue is addressed in Moodle 3.9.3 and Moodle 3.10. The CVE is documented with two metrics: CVSS2 (4.3, MEDIUM) and CVSS3.1 (6.1, MEDIUM). The vulnerability arises from th...
CVE-2020-28129
Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...
SourceCodester Online Clothing Store Cross-Site Scripting Vulnerability
SourceCodester Online Clothing Store is a website builder system from SourceCodester, Inc. that provides online clothing store functionality. A cross-site scripting vulnerability exists in SourceCodester Online Clothing Store version 1.0; the vulnerability is via an Offer...
Cross-Site Scripting (XSS)
jinja2 is vulnerable to Cross-Site Scripting. An attacker is able to inject and execute arbitrary JavaScript through the gettext and ngettext functions due to the lack of output sanitization...
Zimbra Collaboration Server < 8.8.15 P11 / 9.x < 9.0.0 P4 XSS
According to its self-reported version number, Zimbra Collaboration Server is below 8.8.15 Patch 11, or 9.x prior to 9.0.0 Patch 4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the Webmail component. An unauthenticated, remote attacker can exploit this, by convincing ...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2020-62468)
IBM Content Navigator is a Web client that provides users with a console that enables them to access, manage, and use corporate content anytime, anywhere, from any location in the organization on virtually any mobile device. A stored cross-site scripting vulnerability exists in IBM Content...
CVE-2020-4760
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737...
Joplin Desktop Cross-Site Scripting Vulnerability
Joplin is an open source notes and to-do list application. A cross-site scripting vulnerability exists in Joplin Desktop version 1.2.6, which stems from the lack of proper validation of client-side data via a link in a note, and can be exploited by an attacker to inject JavaScript code into the...
Cross-site Scripting (XSS)
dompurify is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists when converting from the SVG namespace, allowing an attacker to inject and execute arbitrary JavaScript...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
CVE-2020-27359
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...
CVE-2020-27182
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...
WSO2 API Manager Cross-Site Scripting Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...
Cross-Site Scripting (XSS)
scratch-svg-renderer is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript via an SVG document due to the lack of escaping in the transformMeasurements function...