SUSE CVE-2016-1652

Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

SUSE CVE-2016-2103

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the list1680466951oldfilterval parameter to systems/PhysicalList.do or 2 unspecified vectors involving systems/VirtualSystemsList.do...

SUSE CVE-2016-2104

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...

SUSE CVE-2016-4003

Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

SUSE CVE-2016-4566

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

SUSE CVE-2016-5164

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

SUSE CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...

SUSE CVE-2016-5205

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

SUSE CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

SUSE CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

SUSE CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

SUSE CVE-2018-5950

Cross-site scripting XSS vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...

SUSE CVE-2021-37958

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page...

SUSE CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...

CVE-2022-42704

A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...

CVE-2021-43657

A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...

Cross site scripting

A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

PT-2022-6001 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue is related to a reflected Cross-Site Scripting XSS vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...