44 matches found
Malicious code in angular-dynamic-html (npm)
The package angular-dynamic-html was found to contain malicious code...
MAL-2025-14527 Malicious code in angular-dynamic-html (npm)
The package angular-dynamic-html was found to contain malicious code...
CVE-2023-0015
In SAP BusinessObjects Business Intelligence Platform Web Intelligence user interface - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS...
Portábilis i-Educar Security Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar, which stems from the fact that lack of cleanup of user-controlled parameters used to dynamically generate HTML field values can...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...
MS03-040: October, 2003, Cumulative Patch for Internet Explorer
Technical Updates: October 1, 2003: Originally published. October 15, 2003: Updated the "Prerequisites" section to indicate that you can install the security patch on Windows NT Workstation 4.0 SP6a and Windows 2000 SP2. Symptoms: This is a cumulative security patch for Microsoft Internet Explorer th...
Pretty Link Plugin for WordPress 'pretty-bar.php' 'url' Parameter XSS
The version of the Pretty Link Lite plugin for WordPress installed on the remote host fails to properly sanitize user-supplied input to the 'url' parameter of the 'pretty-bar.php' script before using it to generate dynamic HTML output. An attacker can leverage this issue to inject arbitrary HTML...
OpenAdmin Tool for Informix informixserver Parameter XSS
The instance of OpenAdmin Tool for Informix hosted on the remote web server fails to sanitize user input to the 'informixserver' parameter of its 'index.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML or script...
Crystal Reports Server InfoView logonAction Parameter XSS
The InfoView component included with the Crystal Reports Server install on the remote host contains a JSP script that fails to sanitize user input to the 'logonAction' parameter of its 'logon.jsp' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to...
MODx login.php 'username' Parameter XSS
The installed version of MODx fails to adequately sanitize input passed to the 'username' parameter in the 'login.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a...
TikiWiki 'tiki-edit_wiki_section.php' type Parameter XSS
The installed version of TikiWiki fails to sanitize user-supplied input to the 'type' parameter in the 'tiki-edit_wiki_section.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code...
Mura CMS link Parameter XSS
The version of Mura CMS hosted on the remote web server fails to sanitize user-supplied input to the 'link' parameter of the 'default/includes/displayobjects/sendtofriend/index.cfm' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject...
FuseTalk usersearchresults.cfm keyword Parameter XSS
The installed version of FuseTalk fails to sanitize user-supplied input to the 'keyword' parameter in file 'usersearchresults.cfm' before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into ...
Ektron CMS400.NET 'workarea/reterror.aspx' info Parameter XSS
The installed version of Ektron CMS400.NET fails to sanitize user-supplied input to the 'info' parameter in the 'workarea/reterror.aspx' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or...
ClarkConnect proxy.php url Parameter XSS
The remote web server is used by ClarkConnect, an Internet server and gateway product, to process PHP scripts used for configuration. The installed version includes a script, '/public/proxy.php', that fails to sanitize user-supplied input to the 'url' parameter before using it to generate dynami...
Axon Virtual PBX /logon Multiple Parameter XSS
The remote web server is the internal web server component included with Axon Virtual PBX, a Windows application used to manage phone calls. The installed version of this web server fails to sanitize user-supplied input to the 'onok' parameter of the '/logon' script before using it to generate...
Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS
The version of Novell GroupWise WebAccess installed on the remote host fails to sanitize user-supplied input via a POST request to the 'User.id' parameter of the '/gw/webacc' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary...
Kerio MailServer < 6.6.2 (KSEC-2008-12-16-01) Multiple XSS
Kerio MailServer < 6.6.2 Multiple XSS (KSEC-2008-12-16-01)
According to its banner, the remote host is running a version of Kerio MailServer prior to 6.6.2. Multiple files in such versions are reportedly affected by cross-site scripting vulnerabilities. - The application fails to sanitize input to the parameter 'folder' of the 'mailCompose.php' script as...
CuteNews search.php Cross-Site Scripting Vulnerability
The remote web server contains a PHP script that is affected by a cross-site scripting issue. The version of CuteNews installed on the remote host fails to sanitize input to the... SPDX-FileCopyrightText: 2008 Justin Seitz. Some text descriptions might be excerpted from referenced sources, and are...