Cross-site Scripting (XSS)

spoon/library is vulnerable to cross-site scripting XSS attacks. A specifically crafted string injected through form attribute placeholders allows remote attackers to execute malicious scripts...

UBUNTU-CVE-2016-5303

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

bugzilla Cross-Site Request Forgery

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...