559 matches found
CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 is affected by a stored XSS in uploaded files (viewimage.php) that can execute JavaScript when an arbitrary link on the Dolibarr domain is clicked. The issue stems from lack of contextual output encoding in the uploaded content, enabling exploitation by low-privilege users ...
GitLab CE/EE Cross-Site Scripting Vulnerability (CNVD-2019-23572)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A persiste...
CVE-2018-19493
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding...
CVE-2018-19493
Removed by vendor...
Cross-Site Scripting (XSS)
uima-ducc-web is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via multiple parameters due to the lack of output encoding...
Cross site scripting
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element...
Cross-site Scripting (XSS)
mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary JavaScript on the victim's browser...
CVE-2019-6796
Removed by vendor...
Node.js third-party modules: [file-browser] Inadequate Output Encoding and Escaping
I would like to report stored XSS in file-browser module. It allows an attacker to embed malicious JS code as filenames, which get executed once browsed to the file over the web browser. Module module name: file-browser version: 0.0.5 npm page: https://www.npmjs.com/package/file-browser Module...
Cross-Site Scripting (XSS)
dolibarr is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...
Bayanno Hospital Management System 4.0 Cross Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage: http://creativeitem.com/ Version: v4.0 Live Demo:...
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage: http://creativeitem.com/ Version: v4.0 Live Demo:...
GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16519)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...
GitLab Cross-Site Scripting Vulnerability (CNVD-2018-16515)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...
Cross site scripting
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding...
Cross-Site Scripting (XSS)
statics-server is vulnerable to cross-site scripting (XSS). It is possible for an attacker to inject malicious iframe tags via the filename parameter and execute arbitrary JavaScript code. This is due to a lack of output encoding when the statics-server displays the directory index...
Design/Logic Flaw
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2018-08347)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in several pages i...