3229 matches found
Cross site scripting
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc. Since this code...
CVE-2019-7250
The CVE-2019-7250 issue affects the Cross Reference Add-on 36 for Google Docs. The vulnerability is a Stored XSS flaw in the plugin’s configuration panel preview boxes, where crafted label and references text can inject JavaScript code (via SCRIPT elements, event handlers, etc.). The stored paylo...
Cross-site Scripting (XSS)
Mozilla Firefox and Thunderbird are vulnerable to cross-site scripting (XSS). Use of the valueOf method to shadow the location object (window.location) is not prevented, allowing remote attackers to inject arbitrary JavaScript into a victim's web browser via a malicious plugin...
Cross-site Scripting (XSS)
Python SimpleHTTPServer is vulnerable to cross-site scripting (XSS). The list_directory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary JavaScript through UTF-7 encoding into Internet Explorer 7 browser vi...
CVE-2018-0483
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could...
Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags, which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
Cross site scripting
Cross-site scripting in eventscript.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user via the title parameter...
CVE-2018-1848
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Cross-Site Scripting (XSS)
Dnn.Platform is vulnerable to cross-site scripting. A lack of sanitization in the redirect URL as displayed on the redirect page allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session cookies or perform unwanted actions on behalf of the user...
Design/Logic Flaw
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
Xiaomi Mi Router 3 Cross-Site Scripting Vulnerability
Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A cross-site scripting vulnerability exists in the API 404 page in Xiaomi Mi Router 3 version 2.22.15. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code via a modified URL path...
CVE-2018-13022
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...
Cross site scripting
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...
CVE-2018-13312
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
CVE-2018-13308
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...
Cross site scripting
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
Cross site scripting
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...