20 matches found
EUVD-2013-4991
Malware in sbrugna...
EUVD-2022-4141
Malicious code in bioql PyPI...
EUVD-2022-4901
Malicious code in bioql PyPI...
CVE-2022-34323
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...
CVE-2025-48051
CVE-2025-48051 affects Lila (for Lichess); powertip.ts uses innerHTML to extract text from a DOM node and interpret it as HTML, enabling Cross-Site Scripting (XSS) in some applications. The root cause is the unsafe innerHTML pattern in powertip.ts before commit ab0beaf. Impact is XSS where user-c...
CVE-2022-34323
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...
Cross site scripting
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...
CVE-2022-34322
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...
MediaWiki <= 1.37 Multiple Vulnerabilities - Windows
Mediawiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2019-10401
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...
Cross site scripting
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...
Cross site scripting
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...
CVE-2013-5151
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading a file...
CVE-2013-5151
CVE-2013-5151 affects Mobile Safari on iOS prior to 7. The issue arises when a document served with Content-Type: text/plain is treated as HTML, allowing remote attackers to trigger cross-site scripting by uploading a file. Appleās vulnerability entry for Safari (CVE-2013-5151) notes the impact a...
CVE-2013-5151
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading a file...
JVN#38605899 Mozilla Firefox cross-site scripting vulnerability
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Mozilla has released Firefox 2.0.0.2 and...
Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations
Overview A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages...
Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting
Microsoft Internet Explorer 5.0.1 - Wildcard DNS Cross-Site Scripting source: https://www.securityfocus.com/bid/10554/info Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry. A web server with a wildcard DNS entry will...