
246 matches found

Cvelist
added 2019/11/05 7:25 p.m., 21 views

CVE-2010-3672

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...

AI score 6.2 | EPSS 0.00952
Exploits: 0 | References: 3
OSV
added 2019/09/27 6:15 p.m., 3 views

DEBIAN-CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 1
RedHat Linux
added 2019/09/19 6:33 a.m., 6 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/19 3:45 a.m., 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/16 2:39 p.m., 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:55 a.m., 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:16 a.m., 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
NVD
added 2019/09/11 9:15 p.m., 18 views

CVE-2019-10074

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never...

CVSS 9.8 | AI score 9.4 | EPSS 0.03394
Exploits: 0 | References: 2
Cvelist
added 2019/09/11 8:38 p.m., 23 views

CVE-2019-10074

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never...

AI score 9.4 | EPSS 0.03394
Exploits: 0 | References: 2
CVE
added 2019/09/11 8:38 p.m., 50 views

CVE-2019-10074

CVE-2019-10074 affects Apache OFBiz where Freemarker markup in a Form Widget textarea can trigger remote code execution if encoding is disabled on that field (notably in the Customer Request “story” input of Order Manager). Root cause: disabling encoding on a user input field allows untrusted mar...

CVSS 9.8 | AI score 9.3 | EPSS 0.03394
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2019/09/11 12:6 a.m., 32 views

Cross-site Scripting (XSS)

Mozilla is vulnerable to cross-site scripting (XSS). It does not handle the parameters provided through title and textarea elements using innerHTML, allowing an attacker to inject arbitrary scripts through it...

CVSS 6.1 | AI score 3.5 | EPSS 0.0145
Exploits: 0 | References: 15 | Affected Software: 5
RedHat Linux
added 2019/09/04 8:14 p.m., 1 view

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.0145
Exploits: 0 | References: 5
OSV
added 2019/09/04 12:0 a.m., 0 views

UBUNTU-CVE-2019-11744

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 6.7 | EPSS 0.0145
Exploits: 0 | References: 6
OSV
added 2019/07/01 11:15 a.m., 1 view

CVE-2019-12970

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of...

CVSS 6.1 | AI score 6.4 | EPSS 0.01819
Exploits: 2 | References: 5
wpexploit
added 2019/06/11 12:0 a.m., 44 views

Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS

Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...

AI score 7.3
Exploits: 0 | References: 1
Prion
added 2018/06/01 3:29 p.m., 14 views

Cross site scripting

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...

CVSS 4.3 | AI score 5.9 | EPSS 0.00802
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/05/28 4:29 p.m., 1 view

CVE-2018-11430

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea...

CVSS 5.4 | AI score 5.8 | EPSS 0.00589
Exploits: 1 | References: 1
NVD
added 2018/05/28 4:29 p.m., 16 views

CVE-2018-11430

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea...

CVSS 5.4 | AI score 5.3 | EPSS 0.00589
Exploits: 1 | References: 1
Packet Storm
added 2018/05/25 12:0 a.m., 40 views

MyBB Moderator Log Notes 1.1 Cross Site Scripting

Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...

AI score 7.4
Exploits: 0
0day.today
added 2018/05/22 12:0 a.m., 35 views

Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?srank=1327...

AI score 7.4
Exploits: 0