Lucene search

555 matches found

Cvelist
added 2020/07/01 4:10 p.m., 15 views

CVE-2020-14055

Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...

6.5 AI score, 0.00359 EPSS
Exploits: 0, References: 2
Gitee
added 2020/06/18 3:22 p.m., 9 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547,...

9.8 CVSS, 8.1 AI score, 0.94479 EPSS
Exploits: 53
OSV
added 2020/05/15 6:15 p.m., 8 views

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 1
NVD
added 2020/05/15 6:15 p.m., 11 views

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

6.1 CVSS, 6 AI score, 0.00313 EPSS
Exploits: 2, References: 1
Prion
added 2020/05/15 6:15 p.m., 12 views

Cross site scripting

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

4.3 CVSS, 6 AI score, 0.00313 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2020/05/15 5:2 p.m., 12 views

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

6 AI score, 0.00313 EPSS
Exploits: 2, References: 1
Packet Storm
added 2020/05/14 12:0 a.m., 267 views

Subrion CMS 4.2.1 Cross Site Scripting

Title: Subrion CMS 4.2.1 Cross-Site Scripting XSS Date: 02-12-2019 Author: Christian Bortone Contact: [email protected] Vendor Homepage: https://subrion.org/ Vulnerable Product: Subrion CMS 4.2.1 CVE : CVE-2019-20389 1. Description: A cross-site scripting vulnerability was identified in...

6.3 AI score, 0.00313 EPSS
Exploits: 2
BDU FSTEC
added 2020/05/13 12:0 a.m., 1 views

The vulnerability of the software component responsible for implementing the MediaWiki hypertext environment lies in the lack of mechanisms for encoding or shielding output data. This allows attackers to compromise the integrity of the data.

The vulnerability of the software component responsible for implementing the MediaWiki hypertext environment is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...

5.3 CVSS, 5.9 AI score, 0.00209 EPSS
Exploits: 1, References: 4, Affected Software: 2
OSV
added 2020/03/10 3:15 p.m., 13 views

CVE-2019-12442

An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...

6.1 CVSS, 5.7 AI score
Exploits: 0, References: 2
Prion
added 2020/03/10 3:15 p.m., 16 views

Cross site scripting

An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...

4.3 CVSS, 6 AI score, 0.001 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2020/03/10 2:38 p.m., 53 views

CVE-2019-12442

CVE-2019-12442 affects GitLab Enterprise Edition 11.7–11.11. The issue is a persistent cross-site scripting (XSS) vulnerability on child epics caused by lack of input validation and insufficient output encoding on the epic details page. This is detailed across multiple sources (GitLab advisories,...

6.1 CVSS, 5.9 AI score, 0.001 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/03/10 2:38 p.m., 16 views

CVE-2019-12442

An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...

6.1 AI score, 0.001 EPSS
Exploits: 0, References: 2
Debian CVE
added 2020/03/10 2:38 p.m., 26 views

CVE-2019-12442

Removed by vendor...

6.1 CVSS, 6.4 AI score, 0.001 EPSS
Exploits: 0
Microsoft CVE
added 2020/03/10 7:0 a.m., 42 views

Remote Code Execution Vulnerability in Application Inspector

A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external...

9.6 CVSS, 8.7 AI score, 0.04009 EPSS
Exploits: 0
Prion
added 2020/01/06 5:15 p.m., 15 views

Cross site scripting

The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting XSS vulnerability in files it serves...

4.3 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2020/01/06 4:32 p.m., 55 views

CVE-2019-15602

The CVE-2019-15602 entry concerns the fileview package v0.1.6, which contains inadequate output encoding/escaping that leads to a stored XSS vulnerability in served files. Multiple connected records corroborate this: all versions of fileview are vulnerable to XSS via unsanitized filenames, allowi...

6.1 CVSS, 5.8 AI score, 0.00268 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2019/12/18 12:0 a.m., 3 views

Contao Output Improperly Encoded or Escaped Vulnerability

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. An improper output encoding or escaping vulnerability exists in Contao versions 4.8.4 and 4.8.5. An attacker can exploit this vulnerability by...

5.3 CVSS, 7.8 AI score, 0.0021 EPSS
Exploits: 0, References: 1
NVD
added 2019/09/09 8:15 p.m., 16 views

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

6.1 CVSS, 5.8 AI score, 0.00147 EPSS
Exploits: 1, References: 2
OSV
added 2019/09/09 8:15 p.m., 22 views

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

6.1 CVSS, 5.7 AI score
Exploits: 0, References: 2
CVE
added 2019/09/09 7:21 p.m., 123 views

CVE-2019-6784

GitLab CVE-2019-6784 affects GitLab Community and Enterprise Edition: versions before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1 are vulnerable. A persistent XSS flaw arises in Markdown processing due to lack of input validation and output encoding when KaTeX is processed. Impact is l...

6.1 CVSS, 5.9 AI score, 0.00147 EPSS
Exploits: 1, References: 2, Affected Software: 1