179 matches found
The vulnerability of the application deployment automation tool in Kubernetes ArgoCD, related to the failure to remove script-related HTML tags from web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability of the application deployment automation tool in Kubernetes ArgoCD is related to the lack of measures taken to eliminate script-related HTML tags on the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Java Runtime Environment software lies in the lack of measures taken to eliminate script-related tags on web pages, allowing attackers to compromise the integrity of the protected information.
The vulnerability of the Java Runtime Environment software relates to the failure to remove script-related tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of the firmware in industrial switches SCALANCE X302-7 EEC, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-4M EEC, SCALANCE XR324-4M PoE, SCALANCE XR324-12M, SCALANCE XR324-12M TS, and SIPLUS NET SCALANCE X308-2 is related to the failure to eliminate script-related HTML tags on web pages, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the firmware in industrial switches SCALANCE X302-7 EEC, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE...
Cross site scripting in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...
The vulnerability in the web interface of the Cisco Firepower Management Center network management software allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the web interface for managing Cisco Firepower Management Center FMC software involves the failure to remove script-related HTML tags from the web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Combodo iTop cross-site scripting vulnerability
Combodo iTop is an open-source, ITIL-based web application developed by the French company Combodo for the day-to-day operation of IT environments. The program provides incident management, configuration management, and problem management functionality. A cross-site scripting vulnerability exists ...
Cross site scripting
VMware Workspace ONE Boxer contains a stored cross-site scripting XSS vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window...
jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces
A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible because the load method fails to recognize and remove "" HTML tags that contain a whitespace character, which results in the enclosed script logic being executed. The highest threat from this vulnerability ...
Rocket.Chat: Content-Security Policy bypass with File Uploads
The default Content-Security Policy CSP in Rocket.Chat versions 4.0.3 and 3.18.2 was bypassed by uploading a JavaScript file through the file upload feature. This file could then be included in the web application, allowing the execution of arbitrary scripts...
The vulnerability of the Admin Console of Oracle WebLogic Server applications allows attackers to execute cross-site scripting attacks.
The vulnerability of the Admin Console of Oracle WebLogic Server applications relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
GHSA-3Q6F-8GRX-PR4V Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex...
Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex...
The vulnerability of Cisco WebEx Meetings software relates to the failure to remove script-related HTML tags from web pages, allowing attackers to perform cross-site scripting attacks.
The vulnerability of Cisco WebEx Meetings software relates to the lack of measures taken to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-24218
The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...
Cross site request forgery (csrf)
The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
CVE-2020-26287
Summary (CVE-2020-26287) : HedgeDoc prior to version 1.7.1 is vulnerable to cross-site scripting through injection of arbitrary [removed] tags in notes created via mermaid diagrams. The underlying issue stems from a permissive content security policy that allowed loading scripts from certain orig...
DEBIAN-CVE-2020-35478
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...