
3301 matches found

BDU FSTEC
added 2022/10/06 12:00 a.m. · 4 views

The vulnerability of Mozilla Firefox browser and the Thunderbird email client relates to deficiencies in HTTP request processing, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures, bypass security restrictions, access confidential information, or execute...

CVSS 7.5 · AI score 7.1 · EPSS 0.00564
Exploits 0 · References 8 · Affected Software 5

RedHat Linux
added 2022/10/04 3:35 p.m. · 7 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 7.2 · AI score 5.8 · EPSS 0.00834
Exploits 0 · References 5

ATTACKERKB
added 2022/10/03 12:00 a.m. · 2 views

CVE-2022-38709

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 6.1 · AI score 5.5 · EPSS 0.0042
Exploits 0 · References 3 · Affected Software 1

Prion
added 2022/09/29 3:15 a.m. · 20 views

Code injection

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...

CVSS 4.3 · AI score 5.3 · EPSS 0.00637
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/09/28 12:00 a.m. · 3 views

PT-2022-15401 · Ibm · Ibm Application Gateway

Name of the Vulnerable Software and Affected Versions: IBM Application Gateway affected versions not specified Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...

CVSS 5.4 · AI score 5.5 · EPSS 0.00367
Exploits 0 · References 4

Veracode
added 2022/09/27 5:56 a.m. · 31 views

Prototype Pollution

express-xss-sanitizer is vulnerable to prototype pollution. The vulnerability exists in require function of sanitize.js because it doesn't properly sanitize the user input data which allows an attacker to inject and execute arbitrary javascript...

CVSS 7.3 · AI score 6.5 · EPSS 0.00718
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2022/09/23 4:57 a.m. · 19 views

Cross-Site Scripting (XSS)

tui-grid is vulnerable to cross-site scripting. The vulnerability exists in multiple functions of default.ts and clipboard.tsx because the inputs are not properly sanitized which allows an attacker to inject and execute arbitrary javascript...

CVSS 6.1 · AI score 6.3 · EPSS 0.00511
Exploits 1 · References 5 · Affected Software 2

OSV
added 2022/09/19 7:15 a.m. · 3 views

CVE-2022-40778

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...

CVSS 5.4 · AI score 6 · EPSS 0.00385
Exploits 0 · References 2

Prion
added 2022/09/19 7:15 a.m. · 11 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response...

CVSS 4.9 · AI score 5.3 · EPSS 0.00385
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/09/18 12:00 a.m. · 12 views

GHSA-3JH2-WMV7-M932 LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0...

CVSS 5.4 · AI score 5.9 · EPSS 0.00536
Exploits 2 · References 5

ATTACKERKB
added 2022/09/06 8:15 p.m. · 7 views

CVE-2022-37253

Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary Javascript via manipulation of an unsanitized POST parameter...

CVSS 5.4 · AI score 5.9 · EPSS 0.00603
Exploits 0 · References 3

Prion
added 2022/09/06 7:15 p.m. · 21 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

CVSS 4.9 · AI score 5.3 · EPSS 0.00484
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/09/06 6:24 p.m. · 24 views

CVE-2022-31792

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

AI score 5.5 · EPSS 0.00484
Exploits 0 · References 1

CNNVD
added 2022/09/06 12:00 a.m. · 6 views

WatchGuard Firebox cross-site scripting vulnerability

WatchGuard Firebox is a product of the US-based company WatchGuard that provides comprehensive network security services, including traditional IPS, GAV, website/application control and malicious software prevention. A security vulnerability exists in the WatchGuard Firebox and XTM appliances that originates...

CVSS 5.4 · AI score 6 · EPSS 0.00484
Exploits 0 · References 2

CNNVD
added 2022/09/06 12:00 a.m. · 5 views

WordPress plugin WP-UserOnline cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.5 · AI score 5.5 · EPSS 0.05094
Exploits 6 · References 12

BDU FSTEC
added 2022/09/01 12:00 a.m. · 4 views

The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a specially crafted HTML email with a meta tag set to “refresh”...

CVSS 10 · AI score 7.6 · EPSS 0.00768
Exploits 0 · References 9 · Affected Software 4

Github Security Blog
added 2022/08/31 10:26 p.m. · 41 views

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Impact: Arbitrary javascript injection. Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs: + function // Put Javascript code here return '' + The block below shows a valid mermaid code block: md mermaid graph TD; A--B; A--C;...

CVSS 7.8 · AI score 7.6 · EPSS 0.00383
Exploits 1 · References 4 · Affected Software 1

Veracode
added 2022/08/30 7:07 a.m. · 63 views

Cross-site Scripting (XSS)

jsoup is vulnerable to cross-site scripting. The vulnerability exists in resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled which allows an attacker to inject and execute arbitrary javascript...

CVSS 6.1 · AI score 6.8 · EPSS 0.01164
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2022/08/29 5:20 p.m. · 41 views

CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...

CVSS 3.6 · AI score 8.1 · EPSS 0.00383
Exploits 1 · References 2

OSV
added 2022/08/26 4:15 p.m. · 19 views

CVE-2021-3427

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...

CVSS 6.1 · AI score 6.1
Exploits 0 · References 3