6239 matches found
CVE-2020-36416
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Design" parameter under the "Designs" module...
CVE-2020-36409
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Category" parameter under the "Categories" module...
CVE-2020-36414
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "URL slug" or "Extra" fields under the "Add Article" feature...
PHPList Cross-Site Scripting Vulnerability (CNVD-2021-48871)
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...
Machform Cross-Site Scripting Vulnerability
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...
osTicket Cross-Site Scripting Vulnerability
osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/class.queue.php...
CVE-2021-32683 XSS through createObjectURL
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...
jQuery 1.4.2 <= 1.11.0 XSS Vulnerability
jQuery is prone to a cross-site scripting (XSS) vulnerability via vectors related to use of the text method inside after. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
SUSE: Security Advisory (SUSE-SU-2019:2092-1)
The remote host is missing an update for the...
CVE-2020-36007
AppCMS 2.0.101 in /admin/template/tplapp.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users...
CVE-2021-20723
Reflected cross-site scripting vulnerability in MailForm01 free edition versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 allows a remote attacker to inject an arbitrary script via unspecified vectors...
Emerson Rosemount X-STREAM Gas Analyzer Cross-Site Scripting Vulnerability
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A cross-site scripting...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-37197)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the GiveWP...
BoostIO Boostnote Cross-Site Scripting Vulnerability
BoostIO Boostnote is a Markdown editor that supports multiple platforms. Boostnote 0.12.1 suffers from a cross-site scripting vulnerability that stems from an export to PDF containing an opportunity for XSS attacks. No vulnerability details are provided at this time...
CVE-2017-17678
BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2021-34744)
TeamCity is a Java-based build management and continuous integration server from JetBrains. A stored cross-site scripting vulnerability exists in several pages in versions of JetBrains TeamCity prior to 2020.2.3. Vulnerability details are not available at this time...
CloudBees Jenkins Dashboard View Plugin Cross-Site Scripting Vulnerability (CNVD-2021-36583)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...
CASAP Automated Enrollment Cross-Site Scripting Vulnerability (CNVD-2021-33521)
CASAP Automated Enrollment is an automated enrollment system organized by CASAP USA. The purpose of the project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient and easily retrievable. A cross-site scripting...
Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-8968)
Summary: Cross-site scripting vulnerability in the IBM Jazz Foundation affects the following IBM Jazz based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager RQ...
Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability
Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...