39 matches found
CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
CVE-2022-46905
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...
CVE-2022-38902
Summary (CVE-2022-38902) : In Liferay Digital Experience Platform (DXP) 7.3.10 SP3, a Cross-site Scripting (XSS) vulnerability exists in the Blog module’s add-topic flow. The issue allows remote attackers to inject arbitrary JavaScript or HTML via the name field when creating a new topic. Affecte...
PYSEC-2022-249
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2022-2511
Cross-site Scripting XSS vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...
CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...
CVE-2019-10336
A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...
PT-2016-17: Cross-Site Scripting in SAP NetWeaver
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in SAP NetWeaver. Reflected cross-site scripting in the "/com.sap.portal.themes.styleservice.LockingTestPortalComponent" component allows remote attackers to inject arbitrary HTML tags including...
PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC
The specialists of the Positive Research center have detected an Arbitrary HTML Injection vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The integrated web server port 80/tcp and port 443/tcp of the affected device might allow attackers to inject HTML headers. How to fix Update your firmware u...
Drupal Embedded Media Field Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal...
Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Windows Authors: Chandan S Copyright: Copyright c...
Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Linux Authors: Chandan S Copyright: Copyright c 20...
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...
CVE-2005-0606
Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...
CVE-2004-1318
Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...
CVE-2004-1061
Cross-site scripting XSS vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter...
CVE-2004-1075
Cross-site scripting XSS vulnerability in standarderrormessage.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message...
CVE-2004-0301
Cross-site scripting XSS vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter...
[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...