103 matches found
SUSE CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...
SUSE CVE-2014-7929
Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact...
SUSE CVE-2015-1218
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...
SUSE CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
SUSE CVE-2018-18245
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified checkload plugin to NRPE...
Subrion CMS XSS
panel/uploads/elfl1XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
Cross-site Scripting in jquery.json-viewer
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
GHSA-QP2Q-6H9J-JG2R Cross-site Scripting in jquery.json-viewer
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
CVE-2022-30241
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
Node.js Cross-Site Scripting Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in jquery.json-viewer version 1.4.0 and earlier versions of Node.js, which stems from the inability to correctly escape characters e.g., in a JSON object, as shown in the SCRIPT element...
CVE-2020-23617
A cross-site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...
GHSA-G8JJ-899Q-8X3J Cross-site scripting in json-sanitizer
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...
Cross-site Scripting in python-cjson
Python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...
Mahara Cross-Site Scripting Vulnerability
Mahara is a social networking system owned by Catalyst IT in New Zealand. Mahara is vulnerable to cross-site scripting attacks via the SCRIPT element...
CVE-2016-11085
php/qmnoptionsquestionstab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the questionname parameter because js/adminquestion.js mishandles parsing inside of a SCRIPT element...
Sanitize Cross-Site Scripting Vulnerability
Sanitize is an HTML and CSS cleaner from Ryan Grove Software Developers in the USA that supports removing HTML and CSS from strings and more. A cross-site scripting vulnerability exists in Sanitize 3.0.0 and later versions fixed in version 5.2.1. When using Sanitize's "relaxed" configuration or...
Cross-site Scripting in invenio-communities
Cross-Site Scripting (XSS) vulnerability in Jinja templates. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered in two Jinja templates in the Invenio-Communities module. The vulnerability allows a user to create a new community and include script element tags inside the description and...
CVE-2018-19146
CVE-2018-19146 affects Concrete5 8.4.3. The issue is a stored XSS caused by config/concrete.php allowing administrators to upload SVG files that may contain HTML data with a SCRIPT element. Impact is an XSS vulnerability in Concrete5’s SVG handling, with no further exploit details or affected ver...
Cross site scripting
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
CVE-2018-16625
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...