44 matches found
CVE-2024-28593
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...
GHSA-7M8V-W6F9-Q2F9 Cross-site Scripting in Jenkins Rebuilder Plugin
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly,...
Business-Dna Solution GmbH TopEase Code Injection Vulnerability
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A code injection vulnerability exists in Business-Dna Solution GmbH TopEase,...
CVE-2021-24619
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
TCPDF 6.2.19 Deserialization / Remote Code Execution
CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it is a nice feature to have for the developer, it may cause problems in case the PDF creation script is vulnerable to...
Authentication flaw
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...
Razer US: XSS on Saved Carts page
The saved cart endpoint was vulnerable to a reflective XSS due to lack of sanitization of cartcode which is inserted back in the HTML document, which could allow execution of malicious Javascript on the client...
CVE-2017-1000102
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings Warnings Plugin, could insert...
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
This host is missing an important security update according to Microsoft Bulletin MS12-062. OpenVAS Vulnerability Test $Id: secpodms12-062.nasl 6520 2017-07-04 14:28:49Z cfischer $ Microsoft System Center Configuration Manager XSS Vulnerability 2741528 Authors: Rachana Shetty Copyright: Copyright...
Joomla! Cross Site Scripting Vulnerability
The host is running Joomla! and is prone to Cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlaxssvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Joomla! Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Kerio Mail Server Multiple Cross Site Scripting vulnerabilities
The host is running Kerio Mail Server and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbkeriomailservermultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Kerio Mail Server Multiple Cross Site Scripting vulnerabilities Authors: Chandan S Copyright:...
SA-2008-039 - Suggested terms - Cross site scripting
This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...
DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities
Multiple XSS cross site scripting vulnerabilities have been discovered. A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS...
drupal -- multiple XSS vulnerabilities
The Drupal Team reports: A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...
CVE-2002-1497
Cross-site scripting XSS vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response...
CVE-2004-0588
Cross-site scripting XSS vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages...
rnnguest12.txt
RNN's Guestbook 1.2 Multiple Vulnerabilies Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...
RNN's Guestbook 1.2 Multiple Vulnerabilities
RNN's Guestbook 1.2 Multiple Vulnerabilies Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...
CVE-2003-0504
Multiple cross-site scripting XSS vulnerabilities in Phpgroupware 0.9.14.003 aka webdistro allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module...
CVE-2003-0404
CVE-2003-0404 affects Vignette StoryServer 4/5 and Vignette V/5 and V/6. Vulnerability: multiple Cross Site Scripting (XSS) via text variables, demonstrated through the errInfo parameter in the default login template. Impact: remote attackers can inject arbitrary HTML and script. Exploitation det...