559 matches found
Cross-site Scripting (XSS)
org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to improper output encoding of the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious JavaScript...
UBUNTU-CVE-2022-29577
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...
Cross-site scripting vulnerability in multiple WSO2 products
WSO2 API Manager and others are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Dashboard Server is a dashboard server. WSO2 Identity Server (IS) is an identity server. A security vulnerability exists in several WSO2 products that stems from incorrect output...
Zimbra security vulnerability
Zimbra Collaboration aka ZCS version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...
CVE-2021-23283
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
Intelligent Power Protector cross-site scripting vulnerability
Intelligent Power Protector is an Intelligent Power Software. A cross-site scripting vulnerability exists in Eaton Intelligent Power Protector IPP prior to version 1.69, which stems from insufficient validation of user input and improper encoding of output for certain resources in the IPP software...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from a lack of mechanisms for encoding or shielding output data. This allows attackers to gain access to confidential information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
CVE-2022-22571
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions...
Cross site scripting
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions...
CVE-2022-22571
CVE-2022-22571 affects Incapptic Connect. The vulnerability arises from incorrect output encoding, enabling a stored XSS when exploited by an authenticated high-privileged user. Affected scope is described as all current versions; exploitation requires authentication and elevated privileges, with...
Cross-site Scripting (XSS) - Stored
Description: Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document's content. Proof ...
The vulnerability of the MongoDB database management system allows attackers to compromise data integrity.
The vulnerability of the MongoDB database management system lies in the lack of mechanisms for encoding or filtering output data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...
The vulnerability of the XML DOM implementation lies in the lack of mechanisms for encoding or escaping output data, allowing attackers to compromise the integrity of the data.
The vulnerability of the XML DOM implementation is related to improper filtering of special characters. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
Money Transfer Management System cross-site scripting vulnerability
A cross-site scripting vulnerability exists in Money Transfer Management System version 1.0, a money transfer management system. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
Description: Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. Then, the vulnerability can be triggered when the user previews the document's content. Proof of Concept login and navigate task Dependencies This task depends on: This task is a...
WordPress plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Learning Courses plugin in versions prior to 5.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An...
The vulnerability of the URI module in the Ansible configuration management system arises from a lack of mechanisms for encoding or shielding output data, allowing attackers to access confidential information.
The vulnerability of the Ansible configuration system's module relates to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow attackers to access confidential data...