3301 matches found

Huntr
added 2022/02/12 9:28 p.m., 29 views

Cross-site Scripting (XSS) - Generic in librenms/librenms

Description: Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept: Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...

CVSS 4.3, AI score 0.2, EPSS 0.00983
Exploits: 1
Huntr
added 2022/02/12 7:20 p.m., 21 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description: Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code in the browser of a victim which affected Devices module Add Device in sysName, Hardware and Community fields. Proof of Concept: Endpoint: 1 POST http://HOST/addhost...

CVSS 3.5, AI score 0.2, EPSS 0.00834
Exploits: 1
UbuntuCve
added 2022/02/11 12:0 a.m., 29 views

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript...

CVSS 6.1, AI score 6.7, EPSS 0.01973
Exploits: 0, References: 3
OSV
added 2022/02/10 11:32 p.m., 2 views

GHSA-H236-G5GH-VQ6C DOM-based cross-site scripting in Froala Editor

Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting XSS vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...

CVSS 6.1, AI score 6.6, EPSS 0.01847
Exploits: 3, References: 8
OSV
added 2022/02/10 10:29 p.m., 19 views

GHSA-VP4X-94FF-2CMV Cross-site scripting in forkcms

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1, AI score 6.2, EPSS 0.00844
Exploits: 0, References: 2
Veracode
added 2022/02/09 7:59 a.m., 15 views

Cross-Site Scripting (XSS)

microweber is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization via the URL schemes, allowing an attacker to execute arbitrary JavaScript in a victim's browser...

CVSS 5.4, AI score 3.6, EPSS 0.00621
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2022/02/09 3:19 a.m., 26 views

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

AI score 6.3, EPSS 0.3106
Exploits: 2, References: 5
Veracode
added 2022/02/07 1:50 p.m., 19 views

Cross-site Scripting (XSS)

ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists in include.php due to improper sanitizing of user inputs which allows an attacker to insert and execute arbitrary Javascript...

CVSS 6.1, AI score 3, EPSS 0.00856
Exploits: 1, References: 5, Affected Software: 1
Github Security Blog
added 2022/01/27 6:27 p.m., 33 views

Cross-site Scripting in grav

In grav prior to version 1.7.28, a low privilege user can create a page with arbitrary javascript by bypassing insufficient XSS filtering...

CVSS 5.7, AI score 4.1, EPSS 0.01416
Exploits: 1, References: 4, Affected Software: 1
Github Security Blog
added 2022/01/27 4:0 p.m., 24 views

Cross site scripting in three.js

CVE has been withdrawn. Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a user's browser...

AI score 4.2
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/01/27 4:0 p.m., 13 views

GHSA-7VVQ-7R29-5VG3 Cross site scripting in three.js

CVE has been withdrawn. Versions of three.js prior to 0.137.0 load untrusted iframes and allow for attackers to inject arbitrary javascript into a user's browser...

CVSS 7.1, AI score 6.9
Exploits: 0, References: 5
Veracode
added 2022/01/27 8:2 a.m., 18 views

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to cross-site scripting. The vulnerability exists in checkouts of web.php during routing which allows an attacker to insert arbitrary Javascript...

CVSS 5.4, AI score 2.7, EPSS 0.00856
Exploits: 1, References: 4, Affected Software: 1
Veracode
added 2022/01/26 3:5 a.m., 15 views

Cross-site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting XSS attacks. Insufficient checks in detectXss allow remote attackers to inject and execute arbitrary javascript code in the victim's browser...

CVSS 5.4, AI score 5.9, EPSS 0.01416
Exploits: 1, References: 4, Affected Software: 1
Apple
added 2022/01/26 12:0 a.m., 67 views

About the security content of Safari 15.3

This document describes the security content of Safari 15.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 8.8, AI score 8.8, EPSS 0.01973
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2022/01/17 12:0 a.m., 22 views

Halo cross-site scripting vulnerability (CNVD-2022-08379)

Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that originates in Halo, versions v1.0.0 through v1.4.17 latest are susceptible to cross-site scripting XSS stored in the title of a post, which can be exploited by an attacker to...

CVSS 5.4, AI score 5.2, EPSS 0.00708
Exploits: 1, References: 1
Prion
added 2022/01/15 5:15 p.m., 16 views

Cross site scripting

A stored cross site scripting XSS vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title...

CVSS 3.5, AI score 5.1, EPSS 0.01078
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2022/01/15 4:34 p.m., 21 views

CVE-2020-28919

A stored cross site scripting XSS vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title...

AI score 5.1, EPSS 0.01078
Exploits: 1, References: 4
OSV
added 2022/01/13 8:10 p.m., 3 views

GHSA-HX7C-QPFQ-XCRP Cross-site Scripting in django-cms

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 5.4, AI score 6.4, EPSS 0.00617
Exploits: 1, References: 6
NVD
added 2022/01/13 5:15 p.m., 10 views

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

CVSS 4.8, EPSS 0.00828
Exploits: 1, References: 3
Prion
added 2022/01/13 5:15 p.m., 15 views

Cross site scripting

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article title. An authenticated attacker can inject arbitrary javascript code that will execute on a victim’s server...

CVSS 3.5, AI score 5.2, EPSS 0.00708
Exploits: 1, References: 3, Affected Software: 1