555 matches found

Snyk
added 2022/11/28 9:47 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: serve-lite is a lightweight http-server for static file-based web development. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the...

CVSS 6.1 · AI score 5.3 · EPSS 0.00234
Exploits: 1 · References: 2

OSV
added 2022/11/16 11:15 p.m. · 2 views

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations...

CVSS 6.1 · AI score 5.7 · EPSS 0.00247
Exploits: 0 · References: 1

CNNVD
added 2022/11/16 12:0 a.m. · 3 views

BACKCLICK Cross-Site Scripting Vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from insufficient output coding of user-supplied data allowing an attacker...

CVSS 6.1 · AI score 5.6 · EPSS 0.00247
Exploits: 0 · References: 3

Vulnrichment
added 2022/11/16 12:0 a.m. · 10 views

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations...

AI score 5.9 · EPSS 0.00247
Exploits: 0 · References: 1

Positive Technologies
added 2022/11/16 12:0 a.m. · 3 views

PT-2022-27064 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient output encoding of user-supplied data, making the web application vulnerable to cross-site scripting (XSS) at various locations. Recommendations: For...

CVSS 6.1 · AI score 6 · EPSS 0.00247
Exploits: 0 · References: 4

NVD
added 2022/10/31 9:15 p.m. · 12 views

CVE-2022-39017

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments...

CVSS 8.2 · EPSS 0.00243
Exploits: 0 · References: 1

OSV
added 2022/10/31 9:15 p.m. · 2 views

CVE-2022-39017

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments...

CVSS 5.4 · AI score 5.7 · EPSS 0.00243
Exploits: 0 · References: 1

Vulnrichment
added 2022/10/31 8:7 p.m. · 4 views

CVE-2022-39017 XSS in all comments fields in M-Files Hubshare

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments...

CVSS 8.2 · AI score 7.7 · EPSS 0.00243
Exploits: 0 · References: 1

CVE
added 2022/10/31 8:7 p.m. · 57 views

CVE-2022-39017

CVE-2022-39017 affects M-Files Hubshare (pre-3.3.10.9). The vulnerability arises from improper input validation and output encoding in all comment fields, enabling authenticated attackers to inject cross-site scripting via specially crafted comments. Technical impact is cross-site scripting, with...

CVSS 8.2 · AI score 5.6 · EPSS 0.00243
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-24673 · M Files · M-Files Hubshare

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.10.9 Description: The issue is related to improper input validation and output encoding in comments fields, allowing authenticated attackers to introduce cross-site scripting attacks via specially crafte...

CVSS 8.2 · AI score 5.1 · EPSS 0.00243
Exploits: 0 · References: 2

Huntr
added 2022/09/02 9:52 a.m. · 24 views

Reflected XSS via POST

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

CVSS 5.8 · AI score 6 · EPSS 0.00807
Exploits: 1 · References: 3

BDU FSTEC
added 2022/08/12 12:0 a.m. · 2 views

The vulnerability of the software component apt-lib.pl in the Webmin hosting control panel allows a hacker to execute arbitrary code.

The vulnerability of the software/apt-lib.pl component in the Webmin hosting panel is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.9293
Exploits: 8 · References: 7 · Affected Software: 1

Github Security Blog
added 2022/05/24 5:17 p.m. · 17 views

Subrion CMS XSS

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVSS 6.1 · AI score 6.4 · EPSS 0.00313
Exploits: 2 · References: 3 · Affected Software: 1

OSV
added 2022/05/24 5:17 p.m. · 9 views

GHSA-XVGX-668J-F67P Subrion CMS XSS

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVSS 6.1 · AI score 6 · EPSS 0.00313
Exploits: 2 · References: 3

CNNVD
added 2022/05/19 12:0 a.m. · 1 views

JGraph draw.io Cross-Site Scripting Vulnerability

JGraph draw.io is a configurable charting/whiteboard visualization application for JGraph. Versions prior to JGraph draw.io 18.0.4 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could explo...

CVSS 6.3 · AI score 5.9 · EPSS 0.00206
Exploits: 1 · References: 3

GitLab Advisory Database
added 2022/05/17 12:0 a.m. · 33 views

Improper Encoding or Escaping of Output

Gitea before 1.16.7 does not escape git fetch remote...

CVSS 7.5 · AI score 1.9 · EPSS 0.86413
Exploits: 8 · References: 5 · Affected Software: 1

Veracode
added 2022/05/10 5:13 a.m. · 16 views

Cross-site Scripting (XSS)

org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to the improper output encoding in the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 · AI score 6 · EPSS 0.76361
Exploits: 5 · References: 6 · Affected Software: 1

OSV
added 2022/04/21 11:15 p.m. · 1 views

UBUNTU-CVE-2022-29577

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367...

CVSS 6.1 · AI score 6 · EPSS 0.00243
Exploits: 0 · References: 5

CNNVD
added 2022/04/21 12:0 a.m. · 2 views

WSO2 Multiple Products Cross-Site Scripting Vulnerability

WSO2 API Manager and others are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Dashboard Server is a dashboard server. WSO2 Identity Server (IS) is an identity server. A security vulnerability exists in several WSO2 products that stems from incorrect output...

CVSS 6.1 · AI score 6.2 · EPSS 0.76361
Exploits: 5 · References: 7

CNNVD
added 2022/04/20 12:0 a.m. · 2 views

Zimbra Security Vulnerability

Zimbra Collaboration (aka ZCS) version 9.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side...

CVSS 6.1 · AI score 5.6 · EPSS 0.94125
Exploits: 0 · References: 5