FreshRSS 1.11.1 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in FreshRSS version 1.11.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira has a cross-site scripting vulnerability that can be exploited to inject arbitrary HTML or JavaScript...

PYSEC-2020-62

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

USN-4032-1 firefox vulnerability

It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code...

Grav CMS 1.2.4 Cross Site Scripting

CVE-2018-5233 Grav CMS admin plugin Reflected Cross Site Scripting XSS vulnerability Description Grav CMS is a flat-file CMS using Markdown files for content management Official Website. It has been elected "Best Open Source CMS of 2016" by CMS critic. The application does not always filter user...

Multiple Cross-Site Scripting Vulnerabilities in amCharts Flash

amCharts is a company dedicated to the development of charting components, located in Vilnius, the capital of Lithuania, which started launching charting and mapping components in 2004. Multiple cross-site scripting vulnerabilities exist in amCharts Flash, allowing remote attackers to inject...

CVE-2011-4525

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors...

Code injection

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors...

CVE-2011-4525

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors...

CVE-2002-1651

Cross-site scripting XSS vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the 1 vformat or 2 vfilter functions...