Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 Flash Video aka FLV files and 2 YouTube...

GHSA-5FGV-CVR8-XG48 Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the Login-As feature or 2 when the global search feature is enabled, unspecified global search forms in the...

GHSA-9WW8-J8J2-3788 YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitra...

YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...

GHSA-64R3-582J-FRQM YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...

GHSA-X5HJ-47VV-53P8 YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML...

GHSA-8G68-2HCJ-H8VG OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface

Cross-site scripting XSS vulnerability in the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name...

Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...

Alkacon Open CMS XSS via Logfile Viewer Settings function

Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

GHSA-M84W-VGWF-P893 MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...

GHSA-6VHP-HP77-6W52 Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

Jenkins CI Game Plugin allows Cross-Site Scripting (XSS)

Cross-site Scripting XSS in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin...

CVE-2021-38903

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a...

CVE-2022-26594

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to 1 Forms module's form builder, or 2 App Builder module's object form...

VulnCheck KEV: CVE-2018-6882

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML...

CVE-2022-27496

Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Aternity SteelCentral AppInternals 跨站脚本漏洞

Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A cross-site scripting vulnerability exists in Aternity SteelCentral AppInternals, which can be exploited by remote attackers to inject malicious script or HTML code...