Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss — The Hacker News
Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers,...
Cross-site Scripting (XSS)
jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists in the widget function in checkboxradio.js due to a lack of input sanitization which allows a malicious attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
ameos/ameostarteaucitron is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode the user input in displayParticipantsFormAction function, allowing an attacker to inject and execute malicious javascript on the target system...
Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours or days in manual code...
Cross-site Scripting (XSS)
jetspeed-portal is vulnerable to cross-site scripting. The vulnerability exists because the library does not properly filter the untrusted user inputs by default, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting (XSS)
silverstripe/assets is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious javascript via the args parameter in regenerateshortcode function...
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-58952)
BigBlueButton is an open source Web conferencing system from the BigBlueButton community. A cross-site scripting vulnerability exists in versions prior to BigBlueButton 2.4.8 and prior to 2.5.0, which stems from users in private chat-enabled meetings being vulnerable to malicious JavaScript attack...
Design/Logic Flaw
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
CVE-2022-31065 Cross site scripting vulnerability for private chat in bigbluebutton
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed for example ...
Cross site scripting
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed for example ...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability exists due to insufficient sanitization of input URLs, allowing an attacker to inject and execute malicious javascript when using an older browser with built-in XSS protection disabled...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability exists in old browsers with XSS protection disabled, allowing an attacker to inject and execute malicious javascript as the library does not properly escape malicious inputs by default...
parse-url Cross-Site Scripting Vulnerability
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...
Cross-site Scripting (XSS)
tomcat is vulnerable to cross-site scripting. The vulnerability exists because the user-provided name, value, and type form attributes are not filtered before being displayed on the web page, allowing an attacker to inject and execute malicious javascript...
Dell Wyse Management Suite Cross-Site Scripting Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A cross-site scripting vulnerability exists in Wyse Management Suite 3.6.1 and prio...
WordPress Theme Atahualpa Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. WordPress Atahualpa Theme is vulnerable to a cross-site scripting...
Cross-site Scripting (XSS)
nukeviet/nukeviet is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the $preTag parameter in filterTags of Request.php...