
194 matches found

NVD
added 2022/05/27 5:15 p.m., 8 views

CVE-2021-27781

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie...

CVSS: 6.6, EPSS: 0.00205
Exploits: 0, References: 1
GitHub Security Blog
added 2022/05/24 7:6 p.m., 16 views

Plone has stored XSS in folder contents

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00302
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/05/24 7:6 p.m., 14 views

GHSA-QFHW-FV3G-V836 Plone has stored XSS in folder contents

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS: 6.1, AI score: 5.1, EPSS: 0.00302
Exploits: 0, References: 5
0day.today
added 2022/05/12 12:0 a.m., 225 views

Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services
Vendor Homepage: https://www.cyclos.org/
Version: Cyclos 4.14.7 and prior
Tested on: Ubuntu
CVE: CVE-2021-31673
Description: A Dom-based Cross-sit...

CVSS: 6.1, AI score: 6.4, EPSS: 0.02705
Exploits: 4
OSV
added 2022/05/02 11:15 p.m., 2 views

CVE-2020-23617

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

CVSS: 6.1, AI score: 6.1
Exploits: 0, References: 2
Prion
added 2021/11/26 7:15 p.m., 14 views

Code injection

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

CVSS: 4.3, AI score: 6, EPSS: 0.00398
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2021/11/26 12:0 a.m., 2 views

Emoji-Button cross-site scripting vulnerability

Emoji-Button is a native JavaScript emoji selector. Emoji-Button is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs and i18n strings in the software for custom emoji, which could be exploited by an attacker to craft an inpu...

CVSS: 7.6, AI score: 5.2, EPSS: 0.00398
Exploits: 0, References: 5
Cvelist
added 2021/09/27 3:25 p.m., 14 views

CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

AI score: 5.1, EPSS: 0.01572
Exploits: 5, References: 2
CNNVD
added 2021/09/06 12:0 a.m., 2 views

WordPress plugin Highlight cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Highlight, which stems from the...

CVSS: 5.4, AI score: 5.5, EPSS: 0.0018
Exploits: 2, References: 1
NVD
added 2021/06/30 1:15 a.m., 8 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS: 5.4, EPSS: 0.00302
Exploits: 0, References: 2
PyPA
added 2021/06/30 1:15 a.m., 4 views

PYSEC-2021-110

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00302
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/06/30 12:41 a.m., 8 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

AI score: 5.4, EPSS: 0.00302
Exploits: 0, References: 2
CNNVD
added 2021/06/30 12:0 a.m., 2 views

Plone cross-site scripting vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00302
Exploits: 0, References: 2
OSV
added 2021/05/18 9:7 p.m., 11 views

GO-2022-0762 Cross-site scripting due to incorrect sanitization in github.com/microcosm-cc/bluemonday

An XSS injection was possible because the sanitization of the Cyrillic character i bypasses a protection mechanism against user-inputted HTML elements such as the tag...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0024
Exploits: 0, References: 3
CNNVD
added 2021/04/27 12:0 a.m., 3 views

Kirby cross-site scripting vulnerability

Kirby is a file-based content management system (CMS). Kirby suffers from a cross-site scripting vulnerability that allows a write-access editor to upload SVG files containing harmful content such as "script" tags...

CVSS: 7.6, AI score: 6.2, EPSS: 0.0112
Exploits: 4, References: 7
GitHub Security Blog
added 2021/04/16 7:52 p.m., 43 views

JavaScript execution via malicious molfiles (XSS)

Impact: The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches: Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...

CVSS: 6.1, AI score: 2.5, EPSS: 0.03694
Exploits: 0, References: 4, Affected Software: 1
PyPA
added 2021/02/02 5:58 p.m., 4 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00494
Exploits: 1, References: 4, Affected Software: 1
RedHat Linux
added 2020/10/08 7:1 a.m., 3 views

jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability ...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00889
Exploits: 4, References: 4
BDU FSTEC
added 2020/08/19 12:0 a.m., 2 views

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform allows attackers to execute cross-site scripting attacks.

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform is related to the failure to take measures to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVSS: 9, EPSS: 0.00892
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/07/06 1:15 p.m., 1 views

CVE-2020-7691

In all versions of the package jspdf, it is possible to use script in order to go over the filtering regex...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00228
Exploits: 1, References: 5