179 matches found
Cross site scripting
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...
swagger-ui: cross-site scripting in key names
It was found that swagger-ui contains a cross-site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags, which could cause arbitrary code execution. Additionally, it is possible to load the arbitrary JSON files...
Cross-Site Scripting (XSS)
Overview: Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL-encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response:...
Escape or filter script tags in "all activity" panel
We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...
cross_domain_js
Find script tags with src attributes that point to a different domain. It is important to notice that websites that depend on external javascript sources are delegating part of their security to those entities, so it is imperative to be aware of such code. Plugin type Grep Options This plugin...
DEBIAN-CVE-2010-4524
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...
PT-2011-1587 · Mhonarc · Mhonarc
Name of the Vulnerable Software and Affected Versions: MHonArc version 2.6.16. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element. This can be...
usd250 helpdesk XSS vulnerability.
http://www.oneorzero.com/ Within the helpdesk utility usd250, an XSS in the comments field is possible. The comments strip script tags and replace them with not allowed, but script tags don't need to be in place for XSS. Something along the lines of... b onmouseover="window.alert'omghax'"some text...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
CVE-2006-2435
Technical details for CVE-2006-2435 are not publicly disclosed in the provided documents; the records only reiterate an unspecified vulnerability in IBM WebSphere Server with potential script-injection in URLs. Monitor for updates in connected sources.
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
ProductCart XSS Vulnerability
ProductCart XSS Vulnerability found by atomix. I came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as script and iframe to be used: http://www.website.com/ProductCart/pc/msg.asp?message=scriptalert document.cookie;/script...
CVE-2001-1004
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags...
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...
CVE-2001-0519
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags...
CVE-2001-0520
CVE-2001-0520 affects Aladdin eSafe Gateway versions 3.0 and earlier. The vulnerability allows a remote attacker to bypass filtering of SCRIPT tags by embedding scripts within certain HTML constructs (e.g., onload in BODY, href in A, BUTTON, INPUT, or other tag-defined scripts). The NVD entry lis...
CVE-2000-0116
The CVE-2000-0116 entry affects Firewall-1. The vulnerability arises from insufficient filtering of script tags; attackers can bypass the Strip Script Tags restriction by prefixing an extra
fw1_script.tags.txt
Hi all, The "Strip Script Tags" in FW-1 can be circumvented by adding an extra tag like in this code: alert"hello world" test This code will pass unchanged, and still execute in both Navigator and Explorer. I tried this on version 3.0 of FW-1 on Windows NT 4.0 but I'm not able to check it on...
CVE-2000-0116
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra in front of the SCRIPT tag...