330 matches found
Cross site scripting
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-37462
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= reflected...
Cross-site scripting in RESTEasy
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
Cross site scripting
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2020-73173)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in BIG-IP versions 14.1.0 - 14.1.2.6 that allows for reflected XSS attacks, which...
CVE-2020-7571
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
Cross site scripting
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
CVE-2020-24443
Adobe Connect version 11.0 and earlier is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
Engel & Völkers Technology GmbH: CSS-Reflected
Summary: Cross Site Scripting reflected Steps To Reproduce: This POC is on how to redirect user to the malicious website to steal credentials or any sensitive information. 1. How the request has been intercepted F1074840 2. What was the ResponseRendered F1074843 or F1074850 3. Which tools are used: ...
Cross site scripting
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload...
RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
ovirt-engine: response_type parameter allows reflected XSS
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session...
Microstrategy Library Cross-Site Scripting Vulnerability
Microstrategy is a suite of business analytics and mobility platforms from Microstrategy, Inc. Microstrategy Library is an interactive application for the MicroStrategy platform. A cross-site scripting vulnerability exists in Microstrategy Library. This allows remote attackers to perform reflected...
CVE-2019-1010287
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may...
PT-2019-5406 · Red Hat · Openshift Container Platform
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7, openshift-enterprise-3.9 through 3.11 Description: A reflected XSS issue exists in the authorization flow, allowing an attacker to steal...
Cross site scripting
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between thei...
GHSA-4QQ9-RRQ6-48FF Cross site scripting in org.apache.nifi:nifi
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a pri...
CVE-2018-7355
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by a cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection...