Linux Distros Unpatched Vulnerability : CVE-2018-12606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a...

Linux Distros Unpatched Vulnerability : CVE-2024-45699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...

Cross-site Scripting (XSS)

Overview suitable-django-autocomplete is an A suitable Django autocomplete widget using web components Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ModelAutocompleteView class due to insufficient output encoding in the autocomplete functionality. The...

Cross-site Scripting (XSS)

starcitizentools/citizen-skin is vulnerable to cross-site scripting XSS. The vulnerability is due to inadequate output encoding due to date messages returned by Language::userDate being directly inserted into raw HTML, allowing users with editinterface rights to inject arbitrary HTML...

CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

UBUNTU-CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks...

MainWP: Reflected XSS in "Cost Tracker" Notes Field

The reflected Cross-Site Scripting XSS vulnerability was discovered in the "Notes" input field of the Cost Tracker section in MainWP Version 5.4.0.11. Arbitrary user input in this field was reflected back and executed immediately upon saving, due to the lack of proper input sanitization and outpu...

MainWP: Reflected XSS in "Manage Tags" Notes Field

A reflected Cross-Site Scripting XSS vulnerability was discovered in the "Notes" input field under the Manage Tags section. Arbitrary input entered into this field was reflected back and executed immediately upon saving, due to the lack of proper input sanitization and output encoding...

WSO2 products vulnerable to Cross-site Scripting

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...

PT-2025-23539

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description A reflected cross-site scripting XSS issue exists due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. This allows a malicious...

WSO2多款产品 跨站脚本漏洞

WSO2 Identity Server IS and others are products of WSO2, Inc.WSO2 Identity Server is an identity server.WSO2 Enterprise Integrator is an open source hybrid integration platform.WSO2 Open Banking IAM is an identity and access management solution for the Open Banking domain. （WSO2 Open Banking IAM ...

The vulnerability of the preview function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client allows a hacker to bypass the Content Security Policy (CSP) protection mechanism.

The vulnerability of the pre-viewing function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client is related to a lack of mechanisms for encoding or blocking output data when processing headers. Exploiting this vulnerability could allow an attacker to...

CVE-2024-56277

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through 5.5.5...

CVE-2024-32733

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...

CVE-2024-8180

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...