GHSA-9CVR-8XQ4-2M73 Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

Multiple cross-site scripting XSS vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Piwik (now Matomo) Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 Flash Video aka FLV files and 2 YouTube...

GHSA-5FGV-CVR8-XG48 Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the Login-As feature or 2 when the global search feature is enabled, unspecified global search forms in the...

YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...

GHSA-X5HJ-47VV-53P8 YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML...

GHSA-8G68-2HCJ-H8VG OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface

Cross-site scripting XSS vulnerability in the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name...

Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...

Alkacon Open CMS XSS via Logfile Viewer Settings function

Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

GHSA-M84W-VGWF-P893 MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...

GHSA-6VHP-HP77-6W52 Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

Jenkins CI Game Plugin allows Cross-Site Scripting (XSS)

Cross-site Scripting XSS in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin...

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a...

VulnCheck KEV: CVE-2018-6882

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML...

CVE-2022-27496

Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

Aternity SteelCentral AppInternals 跨站脚本漏洞

Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A cross-site scripting vulnerability exists in Aternity SteelCentral AppInternals, which can be exploited by remote attackers to inject malicious script or HTML code...

Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module

Cross-site scripting XSS vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output o...