CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

mxGraph vulnerable to cross-site scripting in color field

mxGraph through 4.0.0, related to the draw.io Diagrams plugin before 8.3.14 for Confluence and other products, is vulnerable to cross-site scripting. draw.io Diagrams allows the creation and editing of draw.io-based diagrams in Confluence. Among other things, it allows to set the background color...

CVE-2020-27735

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...

AZL-6807 CVE-2020-27783 affecting package python-lxml for versions less than 4.8.0-1

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code...

MKPortal 1.x Multiple Modules Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/36216/info Multiple modules of MKPortal are prone to cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the...