CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

Cross-Site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via cross-origin iframes...

Cross-Site Scripting (XSS)

snekserve is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the filenames that are rendered from the directory listings...

Cross-site Scripting (XSS)

gon is vulnerable to cross-site scripting XSS attacks. Lack of sanitization of malicious characters within the JSON data in jsondumper.rb allows a malicious user to inject and execute arbitrary javascript in a user's browser...

CVE-2020-5781

In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...

CVE-2020-4615

IBM Data Risk Manager iDNA 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928...

Agoric: Stored XSS in agoric-sdk - malicious iframes, malicious svg

Summary: add summary of the vulnerability Steps To Reproduce: shell git clone https://github.com/Agoric/agoric-sdk.git cd agoric-sdk yarn config set "strict-ssl" false -g yarn config set "registry" "http://registry.npmjs.org/" -g yarn config set "cafile" "/etc/ssl/cert.pem" -g pipenv shell yarn...

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...

Cross-Site Scripting in node-red

Versions of node-red prior to 0.18.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize the name field in new items, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 0.18.6 or later...

Cross-Site Scripting in diagram-js-direct-editing

Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later...

GHSA-8FW4-XH83-3J6Q Cross-Site Scripting in diagram-js

Versions of diagram-js prior to 3.3.1 for 3.x and 2.6.2 for 2.x are vulnerable to Cross-Site Scripting. The package fails to escape output of user-controlled input in search-pad, allowing attackers to execute arbitrary JavaScript. Recommendation If you are using diagram-js 3.x, upgrade to version...

Cross-Site Scripting (XSS)

webkit2gtk3 is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript on the user's browser by providing malicious web content...

CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface

A reflected cross-site scripting XSS vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could...

Adobe Experience Manager (AEM) stored cross-site scripting vulnerability (CNVD-2020-52153)

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...

Adobe Experience Manager (AEM) Cross-Site Scripting Vulnerability (CNVD-2020-51768)

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...

GHSA-5FF8-JCF9-FW62 Cross-Site Scripting in markdown-it-katex

All versions of markdown-it-katex are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation No fix is currently available. Consider using a...

Cross-Site Scripting in atlasboard-atlassian-package

All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers being able t...

Cross-Site Scripting in nextcloud-vue-collections

Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...

GHSA-VPJ4-89Q8-RH38 Cross-Site Scripting in bpmn-js-properties-panel

Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation Upgrade to version 0.31.0 or lat...