3301 matches found

CNNVD
added 2022/07/01 12:0 a.m. | 3 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A cross-site scripting vulnerability exists in GitLab that originates from...

CVSS 8.1 | AI score 6.7 | EPSS 0.5624
Exploits 0 | References 6
Veracode
added 2022/06/30 9:54 p.m. | 21 views

Cross-site Scripting (XSS)

Firefox is vulnerable to cross-site scripting attacks. The vulnerability exists because a victim could be tricked into accepting malformed ASN.1, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 9.8 | AI score 8.5 | EPSS 0.007
Exploits 0 | References 3 | Affected Software 3
Veracode
added 2022/06/30 9:53 p.m. | 26 views

Cross-Site Scripting (XSS)

Firefox is vulnerable to cross-site scripting. The vulnerability exists because the user input of SVG tags that referenced a same-origin document is not properly sanitized, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 | AI score 7.8 | EPSS 0.00395
Exploits 0 | References 4 | Affected Software 3
CNNVD
added 2022/06/30 12:0 a.m. | 4 views

Ember.js cross-site scripting vulnerability

Tilde Ember.js is an open source web application framework for JavaScript from Tilde, Inc. in the United States. A security vulnerability exists in Ember.js. An attacker can exploit this vulnerability to execute arbitrary JavaScript scripts...

CVSS 6.1 | AI score 6.7 | EPSS 0.0071
Exploits 0 | References 4
Veracode
added 2022/06/27 9:59 a.m. | 19 views

Cross-site Scripting (XSS)

com.jfinal:jfinal is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute arbitrary JavaScript via a crafted payload injected into the keyword text field under the publish blog module...

CVSS 5.4 | AI score 5.8 | EPSS 0.00475
Exploits 1 | References 2 | Affected Software 1
Snyk
added 2022/06/25 12:0 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the filedownload.php process. An attacker can execute arbitrary JavaScript code by attaching and triggering malicious SVG documents. Details: Cross-site scripting or...

CVSS 5.4 | AI score 5.5 | EPSS 0.0088
Exploits 1 | References 2
GitHub Security Blog
added 2022/06/21 8:4 p.m. | 36 views

Argo CD's external URLs for Deployments can include JavaScript

Impact: All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions up to and including admin. The scri...

CVSS 9 | AI score 5.6 | EPSS 0.00909
Exploits 0 | References 5 | Affected Software 2
Veracode
added 2022/06/20 12:10 p.m. | 17 views

Cross-Site Scripting (XSS)

brotkrueml/typo3-matomo-integration is vulnerable to cross-site scripting. The vulnerability exists in the convertStringValue function in MatomoMethodCall.php because the content from PSR-14 events is not properly escaped, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 | AI score 6.2 | EPSS 0.00498
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2022/06/13 12:0 a.m. | 27 views

WordPress WP Simple Adsense Insertion plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...

CVSS 4.3 | AI score 2.3 | EPSS 0.00412
Exploits 2 | References 1
Cvelist
added 2022/06/07 12:0 a.m. | 35 views

CVE-2022-31470

An XSS vulnerability in the indexmobilechangepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session for a logged-in user, can access and retrieve mailbox content...

AI score 6.3 | EPSS 0.52088
Exploits 4 | References 3
NVD
added 2022/06/06 5:15 p.m. | 33 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS 7.7 | EPSS 0.06334
Exploits 0 | References 3
Cvelist
added 2022/06/06 4:52 p.m. | 40 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS 7.7 | AI score 6 | EPSS 0.06334
Exploits 0 | References 3
Debian CVE
added 2022/06/06 4:52 p.m. | 52 views

CVE-2022-1940

Removed by vendor...

CVSS 7.7 | AI score 6 | EPSS 0.06334
Exploits 0
OSV
added 2022/06/06 4:52 p.m. | 24 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS 7.7 | AI score 5.9 | EPSS 0.06334
Exploits 0 | References 5
VulnCheck KEV
added 2022/05/31 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

CVSS 6.9 | AI score 6.9 | EPSS 0.84607
Exploits 0 | References 1
CNNVD
added 2022/05/30 12:0 a.m. | 3 views

WordPress plugin JivoChat Live Chat cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress JivoChat Live Chat plugi...

CVSS 5.4 | AI score 5.4 | EPSS 0.00292
Exploits 2 | References 2
Veracode
added 2022/05/27 4:47 a.m. | 32 views

Cross-Site Scripting (XSS)

@angular/core is vulnerable to cross-site scripting. The vulnerability exists in a few methods due to not escaping the comment text, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 | AI score 3.1 | EPSS 0.01053
Exploits 0 | References 6 | Affected Software 5
GitHub Security Blog
added 2022/05/25 10:55 p.m. | 31 views

Possible cross-site scripting attack via unsanitized SVG files in FoF Upload

Impact: If FoF Upload is configured to allow the uploading of SVG files (image/svg+xml), navigating directly to an SVG file URI could execute arbitrary JavaScript code decided by an attacker. This JavaScript code could include the execution of HTTP web requests to Flarum, or any other web service...

CVSS 8.7 | AI score 6.3 | EPSS 0.01124
Exploits 1 | References 6 | Affected Software 1
OSV
added 2022/05/25 9:30 p.m. | 30 views

CVE-2022-30999 Possible cross-site scripting attack via unsanitized SVG files in FoF Upload

FriendsofFlarum FoF Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files 'image/svg+xml', navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an...

CVSS 8.7 | AI score 6.9 | EPSS 0.01124
Exploits 1 | References 6
OSV
added 2022/05/24 10:29 p.m. | 14 views

GHSA-WMH9-X28J-C6GR Cross site scripting in publify

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article...

CVSS 5.4 | AI score 5.6 | EPSS 0.00578
Exploits 0 | References 4