PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

CVE-2011-0428

Cross Site Scripting XSS in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...

CVE-2011-0428

CVE-2011-0428 describes a Cross Site Scripting (XSS) vulnerability in ikiwiki prior to version 3.20110122 due to insufficient input validation in comments. The impact is arbitrary JavaScript execution by remote attackers, enabled by mal‑formed comments. Affected software is ikiwiki; the root caus...

CVE-2011-0428

Cross Site Scripting XSS in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments...

Cross-Site Scripting (XSS)

angular is vulnerable to cross-site scripting XSS. There is no $sce protection against linkhref, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser via RESOURCEURL...

CVE-2019-10475

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

Cross site scripting

In NCH Express Accounts Accounting v7.02, persistent cross site scripting XSS exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript...

CVE-2019-16282

In NCH Express Invoice v7.12, persistent cross site scripting XSS exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript...

Cross-Site Scripting (XSS)

hotarucms/hotarucms is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser by storing malicious Javascript code in the sitename parameter. This CVE ID is related to CVE-2011-4709...

CVE-2019-1003042

A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin...

Quantopian: Stored cross-site scripting in dataset owner.

Hi again. Another XSS this time. Summary: Unescaped chars in 'dataset owner' could be abused to store arbitrary javascript. Description: There is a 'dataset owner' field in new 'custom dataset dashboard' which contains unsanitized output. If attacker would modify his name, like first name '', the...

CVE-2019-4564

IBM Security Key Lifecycle Manager (SKLM) is affected by CVE-2019-4564 across versions 2.6–3.0.1. The vulnerability is a cross-site scripting flaw that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected produ...

Cross site scripting

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

Cross-Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The vulnerability exists due to the use of alpha instead of nohtml in card.php, allowing a remote attacker to inject arbitrary Javascript into a victim's browser via the job parameter...

CVE-2019-4494

IBM Jazz Reporting Service JRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Cross-Site Scripting (XSS)

no-vnc is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript ito a victim's browser via messages propagated to the status field such as the VNC server name...

PT-2019-17107 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

PT-2019-17108 · Ibm · Ibm Jazz Reporting Service

Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service JRS versions 6.0 through 6.0.6.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

GHSA-6M4R-CGM3-6Q7Q Cross-Site Scripting in status-board

All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary...

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary...