559 matches found
BlueSpice 安全漏洞
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...
PT-2025-38533
Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars that allows for Cross-Site Scripting XSS. Recommendations Update BlueSpice to a...
PT-2025-38304
Name of the Vulnerable Software and Affected Versions Paraşüt Software Bizmu versions 2.27.0 through 20250212 Description This issue allows for Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations Paraşüt Software Bizmu versions 2.27.0 throu...
CVE-2025-8276
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...
Linux Distros Unpatched Vulnerability : CVE-2024-45699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...
Linux Distros Unpatched Vulnerability : CVE-2018-12606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a...
Cross-site Scripting (XSS)
Overview suitable-django-autocomplete is an A suitable Django autocomplete widget using web components Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ModelAutocompleteView class due to insufficient output encoding in the autocomplete functionality. The...
Cross-site Scripting (XSS)
starcitizentools/citizen-skin is vulnerable to cross-site scripting XSS. The vulnerability is due to inadequate output encoding due to date messages returned by Language::userDate being directly inserted into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...
CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
UBUNTU-CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...
MainWP: Reflected XSS in "Cost Tracker" Notes Field
The reflected Cross-Site Scripting XSS vulnerability was discovered in the "Notes" input field of the Cost Tracker section in MainWP Version 5.4.0.11. Arbitrary user input in this field was reflected back and executed immediately upon saving, due to the lack of proper input sanitization and outpu...
MainWP: Reflected XSS in "Manage Tags" Notes Field
A reflected Cross-Site Scripting XSS vulnerability was discovered in the "Notes" input field under the Manage Tags section. Arbitrary input entered into this field was reflected back and executed immediately upon saving, due to the lack of proper input sanitization and output encoding...
WSO2 products vulnerable to Cross-site Scripting
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
PT-2025-23539
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description A reflected cross-site scripting XSS issue exists due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. This allows a malicious...
WSO2多款产品 跨站脚本漏洞
WSO2 Identity Server IS and others are products of WSO2, Inc.WSO2 Identity Server is an identity server.WSO2 Enterprise Integrator is an open source hybrid integration platform.WSO2 Open Banking IAM is an identity and access management solution for the Open Banking domain. (WSO2 Open Banking IAM ...