6 matches found
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
SUSE CVE-2005-3570
Unspecified cross-site scripting XSS vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages"...
UBUNTU-CVE-2022-2514
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim...
PT-2019-11804 · Jenkins · Jenkins Log Parser Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Log Parser Plugin versions 2.0 and earlier Description: The issue is related to a cross-site scripting vulnerability. It occurs because an error message is not properly escaped, allowing exploitation by users who can define log parsin...