2179 matches found
Cross-site Scripting (XSS)
rails is vulnerable to cross-site scripting (XSS) attacks. The use of innerHTML in the checkNoMatch function allows a remote authenticated attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
rdiffweb is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in fullname, username and email, which allows a remote attacker to inject and execute malicious JavaScript into the system...
Cross-site Scripting (XSS)
Zinc is vulnerable to cross-site scripting. The vulnerability exists because the delete template functionality in Template.vue incorrectly escapes the name attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...
Design/Logic Flaw
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...
Cross-site Scripting (XSS)
github.com/dutchcoders/transfer.sh is vulnerable to cross-site scripting (XSS) attacks. The library is unable to determine the content type of the file inserted through ContentType metadata, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...
CVE-2022-1719
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page...
Cross-site Scripting (XSS)
org.keycloak:keycloak-themes is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize inputs in certain UI fields in client registration, which allows a malicious authenticated user to inject and execute malicious JavaScript on the admin console...
Trudesk Cross-Site Scripting Vulnerability
Trudesk is an open source helpdesk/ticketing solution from Chris Brame (USA). A cross-site scripting vulnerability exists in Trudesk versions prior to 1.2.2, which stems from reflected XSS on the ticket filtering functionality, which is capable of executing malicious javascript code in ...
Cross-site Scripting (XSS)
jodit is vulnerable to cross-site scripting. The library does not properly escape specially constructed input through stripTags when a user copy-pastes content from a page controlled by the attacker, which allows malicious javascript execution on victim's browser...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists in the createNewElement function of BaseElementSelectInput.js due to a lack of sanitization in the elementInfo attribute, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the fldTabHtml and fldFieldSelectorsHtml functions of Cp.php do not properly encode the tab and groupName parameters, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
Cross site scripting
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
Cross-Site Scripting (XSS)
typo3/cms and typo3/html-sanitizer are vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable typo3/html-sanitize dependency used in composer.json, which does not properly sanitize sequences with special HTML comments, allowing an attacker to inject and execute malicio...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...
PT-2022-5087 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.13.0 and earlier. Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this by convincing a victim to visit a specially crafted URL referencing...