3296 matches found

Github Security Blog
added 2019/04/08 3:18 p.m. | 21 views

Cross-Site Scripting in buttle

All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...

CVSS 6.1 | AI score 5.2 | EPSS 0.01172
Exploits: 0 | References: 6 | Affected Software: 1
OpenVAS
added 2019/04/08 12:0 a.m. | 27 views

SuiteCRM 7.x <= 7.8.23 and 7.10.x <= 7.10.10 XSS Vulnerability

SuiteCRM is prone to a cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.00571
Exploits: 0 | References: 2
OSV
added 2019/04/06 8:29 p.m. | 21 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

CVSS 8.1 | AI score 7.2
Exploits: 0 | References: 2
Cvelist
added 2019/04/06 7:59 p.m. | 39 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

AI score 8 | EPSS 0.01469
Exploits: 1 | References: 2
BDU FSTEC
added 2019/04/04 12:0 a.m. | 3 views

A vulnerability in the Google Chrome browser, related to improper input validation, allows a malicious actor to execute JavaScript code from an arbitrary source.

The vulnerability of Google Chrome relates to errors in handling redirects for URLs that are not allowed. Exploiting this vulnerability allows a malicious actor to execute JavaScript code from an arbitrary source, using a specially created HTML page...

CVSS 8.8 | AI score 7.9 | EPSS 0.01386
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2019/04/03 2:29 p.m. | 1 views

CVE-2018-1731

IBM DOORS Next Generation DNG/RRC 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 4.8 | AI score 5.4 | EPSS 0.00939
Exploits: 0 | References: 3
Cvelist
added 2019/04/03 1:50 p.m. | 20 views

CVE-2018-1913

IBM DOORS Next Generation DNG/RRC 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.2 | EPSS 0.00987
Exploits: 0 | References: 3
Prion
added 2019/03/30 3:29 a.m. | 14 views

Cross site scripting

Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...

CVSS 4.3 | AI score 5.9 | EPSS 0.00865
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2019/03/30 3:29 a.m. | 11 views

CVE-2019-10646

Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1
OSV
added 2019/03/28 6:29 p.m. | 20 views

CVE-2019-1003042

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 4
Veracode
added 2019/03/28 2:13 a.m. | 12 views

Cross-Site Scripting (XSS)

snipe/snipe-it is vulnerable to cross-site scripting (XSS). User input is not escaped before being displayed in a user's browser, allowing remote attackers to inject arbitrary JavaScript into a victim's browser via logmeta values and user's last name in the API...

CVSS 6.1 | AI score 6 | EPSS 0.00847
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2019/03/26 11:29 p.m. | 23 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...

CVSS 4.8 | AI score 5 | EPSS 0.01083
Exploits: 1 | References: 3
OSV
added 2019/03/26 10:29 p.m. | 2 views

CVE-2019-1569

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user...

CVSS 4.8 | AI score 5.9 | EPSS 0.01083
Exploits: 1 | References: 3
OSV
added 2019/03/26 10:29 p.m. | 3 views

CVE-2019-1570

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings...

CVSS 4.8 | AI score 5.9 | EPSS 0.01083
Exploits: 1 | References: 3
NVD
added 2019/03/26 10:29 p.m. | 23 views

CVE-2019-1570

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings...

CVSS 4.8 | AI score 5 | EPSS 0.01083
Exploits: 1 | References: 3
Cvelist
added 2019/03/26 10:8 p.m. | 24 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...

AI score 5 | EPSS 0.01083
Exploits: 1 | References: 3
Veracode
added 2019/03/26 6:13 a.m. | 34 views

Cross-Site Scripting (XSS)

kibana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 6.1 | AI score 7.4 | EPSS 0.01327
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2019/03/25 8:40 a.m. | 16 views

Cross Site Scripting (XSS)

Liferay Portal is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the ppid parameter in the Plugins Configuration section of Control Panel...

CVSS 4.3 | AI score 5.9 | EPSS 0.01072
Exploits: 0 | References: 3 | Affected Software: 2
Veracode
added 2019/03/25 8:40 a.m. | 26 views

Cross-Site Scripting (XSS)

Red Hat JBoss Operations Network is vulnerable to cross-site scripting (XSS). Lack of input validation in the Administration Interface allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS 4.3 | AI score 5.8 | EPSS 0.01149
Exploits: 1 | References: 5 | Affected Software: 2
Veracode
added 2019/03/15 6:33 a.m. | 13 views

Cross-site Scripting (XSS)

Westwind.Utilities is vulnerable to cross-site scripting (XSS). The vulnerability exists due to lack of validation when the single quote character ' is escaped as such ', allowing a remote attacker to inject arbitrary JavaScript into a victim's browser...

AI score 6.1
Exploits: 0