198 matches found

PyPA
added 2021/02/02 5:58 p.m. · 4 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False...

6.1 CVSS · 6.3 AI score · 0.00483 EPSS
Exploits 1 · References 4 · Affected Software 1

RedHat Linux
added 2020/10/08 7:1 a.m. · 3 views

jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability ...

6.1 CVSS · 6.6 AI score · 0.06273 EPSS
Exploits 4 · References 4

BDU FSTEC
added 2020/08/19 12:0 a.m. · 2 views

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform allows attackers to execute cross-site scripting attacks.

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform is related to the failure to take measures to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

9 CVSS · 7.4 AI score · 0.018 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/07/06 1:15 p.m. · 1 views

CVE-2020-7691

In all versions of the package jspdf, it is possible to use script in order to go over the filtering regex...

6.1 CVSS · 6.5 AI score · 0.01809 EPSS
Exploits 1 · References 5

Positive Technologies
added 2020/05/19 12:0 a.m. · 4 views

PT-2020-6926 · Jquery +5

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0 Description: The issue allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed...

6.9 CVSS · 6.6 AI score · 0.87218 EPSS
Exploits 10 · References 77

OSV
added 2020/04/01 9:15 p.m. · 3 views

CVE-2020-8966

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments scripts into a legitimate web page...

6.1 CVSS · 6.4 AI score · 0.00847 EPSS
Exploits 0 · References 2

exploitpack
added 2020/01/06 12:0 a.m. · 17 views

RemShutdown 2.9.0.0 - Name Denial of Service (PoC)

RemShutdown 2.9.0.0 - Name Denial of Service PoC Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested o...

7.3 AI score
Exploits 0

BDU FSTEC
added 2019/05/31 12:0 a.m. · 2 views

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” relates to insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code in the browser of the connected client.

The vulnerability of the component that allows sending messages to connected users in the enterprise resource management system Galaktika ERP is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript...

5.4 CVSS · 5.8 AI score
Exploits 0 · Affected Software 1

CNVD
added 2018/09/14 12:0 a.m. · 1 views

Pluck Cross-Site Scripting Vulnerability

Pluck is a simple content management system CMS written in PHP. A cross-site scripting vulnerability exists in Pluck version 4.7.7, which can be exploited by remote attackers to execute scripts via SVG files with Javascript code in the SCRIPT element...

5.4 CVSS · 5.5 AI score · 0.00625 EPSS
Exploits 1 · References 1

Exploit DB
added 2017/03/11 12:0 a.m. · 31 views

Yellow Pages Script 3.2 - 'category_id' SQL Injection

Exploit Title: Yellow Pages Script v3.2 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yellow-pages-script/ Demo: http://demo.phpjabbers.com/index.php?demo=yps&front=1&lid=1 Version: 3.2 Tested on: Win7 x64, Kali...

7.4 AI score
Exploits 0

myhack58
added 2015/05/18 12:0 a.m. · 20 views

The system allows the upload of the xml file may lead to xss-vulnerability warning-the black bar safety net

the xml file may contain an xml-stylesheet tag is used to specify an xsl file to the xml file format and output. In the xsl output of the process, you can output any html code, including the script tag... That you can bomb alert. However, the xml formatted script permissions is relatively small, ma...

7.2 AI score
Exploits 0

RedHat Linux
added 2015/03/11 4:51 p.m. · 1 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3 CVSS · 7.5 AI score · 0.04715 EPSS
Exploits 0 · References 5

seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Check Point Software Firewall-1 3.0 Script Tag Checking Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/954/info Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3,...

7.1 AI score
Exploits 0

Drupal
added 2012/06/06 12:0 a.m. · 25 views

SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)

This module creates an input format suitable for use within a WYSIWYG editor. It adds support for the iframe HTML tag, making it friendly with the popular iframe embeds available in popular video sites like YouTube and Vimeo. It supports the script tag too. Both tags will only be allowed if the...

3.5 CVSS · 6.1 AI score · 0.0168 EPSS
Exploits 1 · References 10

Saint
added 2010/03/09 12:0 a.m. · 30 views

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

0.1 AI score
Exploits 0

Prion
added 2009/04/01 10:30 a.m. · 24 views

Stack overflow

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

9.3 CVSS · 8.6 AI score · 0.12369 EPSS
Exploits 2 · References 6 · Affected Software 1

UbuntuCve
added 2009/04/01 10:30 a.m. · 30 views

CVE-2009-1209

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

9.3 CVSS · 6.4 AI score · 0.12369 EPSS
Exploits 2 · References 1

Cvelist
added 2009/04/01 10:0 a.m. · 27 views

CVE-2009-1209

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute...

8 AI score · 0.12369 EPSS
Exploits 2 · References 6

Tenable Nessus
added 2007/10/17 12:0 a.m. · 24 views

openSUSE 10 Security Update : qt (qt-3050)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

4.3 CVSS · 5.3 AI score · 0.02072 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2007/10/17 12:0 a.m. · 26 views

openSUSE 10 Security Update : libqt4 (libqt4-3056)

qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

4.3 CVSS · 5.3 AI score · 0.02072 EPSS
Exploits 0 · References 1