GHSA-FRV8-XJCP-HRM2 phpMyAdmin Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

GHSA-FRGF-RV99-862X Roundup Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program...

GHSA-452H-RX28-49W9 MoinMoin Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the rsslink function in theme/init.py in MoinMoin before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link...

GeSHi vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

TYPO3 CMS indexed search Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the search result view in the Indexed Search indexedsearch component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors...

Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

GHSA-W5V7-Q2J4-FVPF Jenkins Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813...

GHSA-M9J7-XCJ7-42J9 MoinMoin Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...

GHSA-2H23-C973-X63Q phpMyAdmin Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

phpMyAdmin Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

GHSA-7P53-8WJR-J8H4 Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in Basic SEO Features seobasics extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

GHSA-H2FP-XGX6-XH6F Pallets Werkzeug cross-site scripting vulnerability

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

GHSA-VCQ7-X4WR-W2MJ Joomla! vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; 2 the query string to the comcontent component, as...

Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters

Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...

GHSA-6C8C-F2W2-JVJR Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters

Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...

GHSA-C8C8-9472-W52H Django Cross-site scripting Vulnerability

Cross-site scripting XSS vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...

GHSA-PP4C-2692-7F37 Plone Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

GHSA-CHVW-GJXF-F8MC Plone vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted table name that is mishandled during privilege checking in...

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...