The vulnerability of the xmlattr template filter in Jinja2, a programming language, allows an attacker to perform XSS attacks.

The vulnerability of the xmlattr filter in the Jinja2 templater relates to the lack of protective measures for website structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

PT-2024-15042

Name of the Vulnerable Software and Affected Versions CyberMath versions 1.4 through 1.4 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This affects the CyberMath software. Recommendations F...

constructif.fr Cross Site Scripting vulnerability OBB-3847328

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-24062

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...

CVE-2024-1103 CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input leads to cross sit...

CVE-2024-1031 CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The...

CVE-2023-51843

react-dashboard 1.4.0 is vulnerable to Cross Site Scripting XSS as httpOnly is not set...

amc-parts.se Cross Site Scripting vulnerability OBB-3845880

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

netmachinery.net Cross Site Scripting vulnerability OBB-3845850

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2024-10470)

Cisco Unity Connection UC is a set of voice messaging platforms from the U.S. company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from a cross-site scripting vulnerability that stems from the web-based...

homefacts.com Cross Site Scripting vulnerability OBB-3845036

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-23877 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerabilit...

CVE-2024-23865 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this...

reangel.com Cross Site Scripting vulnerability OBB-3842704

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

www7.nau.edu Cross Site Scripting vulnerability OBB-3842084

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

flightservice-web.easemytrip.com Cross Site Scripting vulnerability OBB-3841208

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2024-15668 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.92.1 Description: The issue is related to Reflected Cross-Site Scripting via the disqus name parameter due to insufficient input sanitization and...

chefmorimoto.com Cross Site Scripting vulnerability OBB-3839642

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

bbank.ybonline.co.uk Cross Site Scripting vulnerability OBB-3839585

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...