The vulnerability of the preview function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client allows a hacker to bypass the Content Security Policy (CSP) protection mechanism.

The vulnerability of the pre-viewing function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client is related to a lack of mechanisms for encoding or blocking output data when processing headers. Exploiting this vulnerability could allow an attacker to...

CVE-2024-56277

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through 5.5.5...

CVE-2024-32733

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...

CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVE-2024-8179

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVE-2024-28710

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component...

CVE-2023-6911

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting XSS attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console...

CVE-2023-39096

WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting XSS vulnerability due to lack of input validation and output encoding...

CVE-2022-22571

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions...

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting XSS at various locations...

CVE-2021-24147

Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the miccomment field Notes on time when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting...

CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2021-24180

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting XSS vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious UR...

CVE-2021-24136

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...

CVE-2021-24127

Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting XSS, which could lead to privilege escalation...

CVE-2021-24124

Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting XSS when the CAPTCHA page is shown could lead to privileged escalation...

CVE-2020-7292

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL...

CVE-2020-14055

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...