Cross-Site Scripting (XSS)

com.liferay.frontend.js.spa.web is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the Liferay.SPA.loginRedirect parameter...

Urban Dictionary: DOM XSS through ads

Multiple ads hosted on www.urbandictionary.com make the www.urbandictionary.com origin vulnerable to DOM XSS. Attached is an image of alertdocument.domain executing. The injection works in Firefox and Chrome. Visiting the following URL will probably cause an alert box displaying the document.doma...

Cross-Site Scripting (XSS)

portal-web is vulnerable to cross-site scripting. Lack of output sanitization allows a remote attacker to inject and execute arbitrary Javascript in a user's browser...

Cross-site Scripting (XSS)

kaminari-core is vulnerable to cross-site scripting XSS. The attack is possible because of an incomplete GET param black-listing, allowing an attacker to inject and execute arbitrary Javascript via the originalscriptname parameter when a user visits pages containing pagination links...

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the OpenTSDB datasource...

Cross-Site Scripting

Overview Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary...

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

CVE-2020-12259

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php...

Cross site scripting

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

Cross-Site Scripting (XSS)

t3g/svg-sanitizer is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via SVG markup due to lack of sanitization of the markup...

Subrion CMS 4.2.1 Cross Site Scripting

Title: Subrion CMS 4.2.1 Cross-Site Scripting XSS Date: 02-12-2019 Author: Christian Bortone Contact: [email protected] Vendor Homepage: https://subrion.org/ Vulnerable Product: Subrion CMS 4.2.1 CVE : CVE-2019-20389 1. Description: A cross-site scripting vulnerability was identified in...

CVE-2020-8020

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb...

Cross-Site Scripting (XSS)

python2 is vulnerable to cross-site scripting. A remote attacker is able to inject and execute arbitrary Javascript via in a user's browser via the servertitle field...

Cross-Site Scripting (XSS)

ssddanbrown/bookstack is vulnerable to cross-site scripting XSS. Lack of validation and sanitization allows a remote attacker to inject and execute arbitrary Javascript in a user's browser via the comments...

CVE-2020-11737

A cross-site scripting XSS vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

CVE-2020-11737

A cross-site scripting XSS vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...

HashiCorp Nomad Cross-Site Scripting Vulnerability

HashiCorp Nomad is a distributed, data center-aware cluster and application scheduler from HashiCorp, USA. The program supports the deployment of microservices, batch, containerized and non-containerized applications. A cross-site scripting vulnerability exists in HashiCorp Nomad and Nomad...

GitLab: Stored XSS on PyPi simple API endpoint

Summary The recently released PyPi package feature has a new endpoint at /api/:version/projects/:id/packages/pypi/simple/packagename which exposes an HTML page listing the package versions. The packagelink's are generated using the following code: packagepresenter.rbL50 ruby def packagelinkurl,...

Cross-Site Scripting (XSS)

markdown2 is vulnerable to cross-site scripting XSS attacks. The vulnerability is introduced by an incomplete fix to properly encode ampersands and angle brackets in the function encodeampsandangles,allowing an attacker to inject arbitrary Javascript into a victim's browser...