PT-2024-26895 · Cocalc · Cocalc
Name of the Vulnerable Software and Affected Versions: CoCalc versions prior to the version containing commit 419862a9c9879c Description: The issue concerns the markdown parser in CoCalc, which allows tags to be included and executed when published. There are no known workarounds for this issue...
golang: html/template: improper handling of special tags within script contexts
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...
Saphira Connect Cross-Site Scripting Vulnerability
Saphira Connect is a mobile application for telephone exchange and call center servers from Saphira Connect, Inc. A cross-site scripting vulnerability exists in versions prior to Saphira Connect 9 that stems from incorrect neutralization of script-related HTML tags in web pages...
Path traversal
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...
Fortinet FortiAuthenticator Cross-Site Scripting Vulnerability
Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet. Fortinet FortiAuthenticator suffers from a cross-site scripting vulnerability that stems from an improper neutralization of script-related HTML tags in a web page, which can be exploited by an attacker t...
CVE-2023-1013
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS). This issue affects Vira-Investing: before 1.0.84.86...
PT-2023-12533 · Ubit Information Technologies · Ubit Information Technologies Student Information Management System
Name of the Vulnerable Software and Affected Versions: UBIT Information Technologies Student Information Management System versions before 20211126 Description: The issue is related to Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS. This allows for...
PT-2023-21150 · Unknown · Quickentity-Editor-Next
Name of the Vulnerable Software and Affected Versions: quickentity-editor-next versions prior to 1.28.1 Description: The issue concerns an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitized, leading to an XSS vulnerability. This...
Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
SUSE CVE-2010-4524
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...
CVE-2022-39371
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has...
CVE-2022-38771
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
Cross-site request forgery (CSRF)
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...
The vulnerability of Siemens’ software and hardware infrastructure lies in the lack of measures taken to eliminate script-related tags on web pages, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of Siemens’ software and hardware infrastructure is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the /admin/group/list/ component of the TrueConf Server allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the /admin/group/list/ component of the TrueConf Server relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...