Cross site scripting
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary JavaScript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-60477)
BaserCMS is an open source enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in versions of baserCMS prior to 4.4.1. An attacker can exploit this vulnerability by entering a specially crafted nickname in a blog comment to execute arbitrary JavaScript...
CVE-2020-15914
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary JavaScript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...
PT-2020-20812 · Apple · Safari
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 13.0.5. Description: A custom URL scheme handling issue was addressed with improved input validation. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. Recommendations: For versions...
Cross-Site Scripting (XSS)
strapi-plugin-content-manager is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the WYSIWYG editor's preview feature...
Template Injection
osm-static-maps is vulnerable to template injection. Lack of validation of user input into the template parameter tileserverUrl allows an attacker to inject arbitrary JavaScript/HTML in a user's browser, perform requests on behalf of the user or read arbitrary local files...
CVE-2020-4755
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595...
Cross-Site Scripting (XSS)
orchid/platform is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via inline attributes...
Design/Logic Flaw
An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...
CVE-2020-24301
Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...
CVE-2020-5142
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...
Design/Logic Flaw
Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...
Cross site scripting
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a...
Cross-site Scripting (XSS)
react-native-webview is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...
Cross-Site Scripting (XSS)
jenkins is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the user-specified tooltip values...
Open-Xchange: XSS - Notes - Attribute injection through overlapping tags
The Notes app uses a simple markup language to format the content, which is later converted to HTML for display. javascript // frontend/ui/apps/io.ox/notes/parser.js parsePlainText: function text var lines = .escapetext.split/\n/, openList; ... var html = lines.join'' .replace/!\.?/g, ''...
Cross site scripting
bootstrap-select before 1.13.6 allows cross-site scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...