CVE-2019-9541

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5...

CVE-2019-9538

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling...

CVE-2019-9537

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System...

CVE-2019-6033

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-0203

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 unspecified parameters to apps/calendar/ajax/event/new.php or 2 url parameter to apps/bookmarks/ajax/addBookmark.php...

CVE-2015-2793

Cross-site scripting XSS vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openididentifier parameter in a verify action to ikiwiki.cgi...

CVE-2013-0193

Cross-site Scripting XSS in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195...

CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

Design/Logic Flaw

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

CVE-2013-4103

Cryptocat prior to 2.0.22 is vulnerable to Remote Script Injection caused by improper sanitization of user input. Affected software: Cryptocat (versions before 2.0.22). Impact per sources: potential arbitrary script execution in the context of the application. Remediation: upgrade to Cryptocat 2....

DEBIAN-CVE-2013-1951

A cross-site scripting XSS vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names...

CVE-2010-1673

A cross-site scripting XSS vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment...

CVE-2019-18419

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

CVE-2019-5404 affects HPE 3PAR StoreServ Management Console and Core Software Media prior to 3.5.0.1. A remote script injection vulnerability could allow an attacker to execute client-side code in the management console. The exact exploitation details, including successful attack scenarios, are n...

PT-2019-9619 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...

PT-2019-9616 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Extra Contents parameter, also known as the cf 110 parameter in the adm/config form update.php file. This enables attacker...