24 matches found
CVE-2025-48487 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180...
PT-2025-23257 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises when creating a translation of a phrase that appears in a flash-message after a completed action, allowing the...
CVE-2023-40273
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...
CVE-2015-10072
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...
Cross site scripting
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...
CVE-2015-10072 NREL api-umbrella-web Flash Message cross site scripting
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...
PT-2023-10251 · Nrel · Api-Umbrella-Web
Name of the Vulnerable Software and Affected Versions: NREL api-umbrella-web version 0.7.1 Description: A problematic issue was found in the Flash Message Handler component, leading to cross site scripting. The attack can be initiated remotely. Recommendations: For NREL api-umbrella-web version...
API Umbrella Web Cross-Site Scripting Vulnerability
API Umbrella Web is an open source library from National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with unknown code in the component Flash Message Handler that can lead to cross-site scripting...
Typo3 XSS Vulnerabilities
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message...
GHSA-H86G-796F-HHFQ Typo3 XSS Vulnerabilities
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message...
CVE-2011-4632
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message...
Slack: The Custom Emoji Page has a Reflected XSS
The Custom Emoji Page has a Reflected XSS in building flash message. The following is the PoC. https://team.slack.com/customize/emoji?added=1&name=vuln"alert0;...
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering...
DEBIAN-CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering...