
10 matches found

Snyk
added 2025/10/20 8:42 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Taguette is a free and open source qualitative research tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...

CVSS 5.4, AI score 5.5, EPSS 0.00022
Exploits 0, References 2
Cvelist
added 2025/10/20 8:3 p.m., 6 views

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVSS 5.4, EPSS 0.00022
Exploits 0, References 2
Vulnrichment
added 2025/10/20 8:3 p.m., 1 view

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVSS 5.4, AI score 6.3, EPSS 0.00022
Exploits 0, References 2
OSV
added 2025/10/20 8:3 p.m., 5 views

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVSS 5.4, AI score 6.5, EPSS 0.00022
Exploits 0, References 4
RedhatCVE
added 2025/05/22 8:36 p.m., 2 views

CVE-2021-35959

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS 5.4, AI score 6.1, EPSS 0.00302
Exploits 0, References 1
RedhatCVE
added 2025/05/22 7:2 a.m., 4 views

CVE-2018-16622

Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent...

CVSS 5.4, AI score 5.9, EPSS 0.00197
Exploits 1, References 1
Huntr
added 2023/03/05 6:38 a.m., 21 views

Store XSS in Question Tag

Description: Attackers can use this vulnerability to attack users/admins in the community, take over user/admins accounts, etc... Proof of Concept: 1. Register and log in as a user, add new questions and add tags 2. Insert the following payload in the tag description html 3. Post a question 4. When oth...

CVSS 4.9, AI score 5.5, EPSS 0.00337
Exploits 1
CNNVD
added 2022/04/12 12:0 a.m., 1 view

Jenkins cross-site scripting vulnerability

Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in the Jenkins Subversion Plugin, which stems from not escaping the name and...

CVSS 5.4, AI score 5.3, EPSS 0.00096
Exploits 0, References 22
PyPA
added 2021/06/30 1:15 a.m., 4 views

PYSEC-2021-110

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

CVSS 5.4, AI score 6.3, EPSS 0.00302
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2015/09/18 8:4 a.m., 2 views

CVE-2011-4346

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page...

CVSS 3.5, AI score 6, EPSS 0.00278
Exploits 0, References 1