CVE-2020-35124

A cross-site scripting XSS vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...

CVE-2020-13653

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature...

Cross site scripting

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature...

CVE-2020-13269

Removed by vendor...

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

XSS in gopher parser when parsing hrefs — Mozilla

Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the...