The vulnerability of the user interface of Cisco Webex Meetings software allows attackers to perform cross-site scripting attacks.
The vulnerability of the user interface of Cisco Webex Meetings software relates to the lack of measures taken to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability in the web interface of the Cisco Webex Teams collaboration software allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Cisco Webex Teams software interface relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.
The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...
The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform allows attackers to execute cross-site scripting attacks.
The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform is related to the failure to remove script-related tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.
The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise data integrity...
PT-2020-3636 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2; WordPress versions 3.7.34 through 5.3.4. Description: The issue is related to the lack of neutralization of script-related HTML tags on a web page, which can be exploited by a remote attacker to compromise dat...
UBUNTU-CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed...
Cross-site Scripting (XSS)
Overview: jquery is a package that makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). load fail...
CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS
When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. PoC: A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then...
CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS
When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis arises from the failure to implement measures to neutralize script-related tags. This allows attackers to disclose protected information.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the failure to implement measures to neutralize script-related tags. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
Cross-Site Scripting (XSS) in restify
Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response: alert73541;...
Session fixation
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42) that can result in Session Hijacking. This attack appears to be exploitable via any method that...
CVE-2017-16018
Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...
Monstra CMS 3.0.4 - Cross-Site Scripting (2)
Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting; Date: 2018-05-17; Exploit Author: Berk Dusunur; Vendor Homepage: https://monstra.org; Software Link: https://monstra.org; Version: before 3.0.4; Tested on: Pardus / Win10 AppServer. Proof Of Concept: Monst...
CVE-2016-10699
D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...
CVE-2012-5636
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to tags in a rendered response...
CVE-2015-3161
The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...