1007 matches found

Github Security Blog
added 2022/06/03 12:0 a.m., 22 views

Neos CMS vulnerable to XSS in various backend modules

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

CVSS 5.4, AI score 5.5, EPSS 0.00502
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2022/06/02 6:15 p.m., 12 views

CVE-2022-30429

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

CVSS 5.4, AI score 5.5
Exploits: 0, References: 2

NVD
added 2022/06/02 6:15 p.m., 7 views

CVE-2022-30429

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...

CVSS 5.4, EPSS 0.00502
Exploits: 1, References: 2

OSV
added 2022/05/24 5:34 p.m., 18 views

GHSA-4M44-5J2G-XF64 Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS 6.1, AI score 6.2, EPSS 0.01007
Exploits: 0, References: 8

Github Security Blog
added 2022/05/24 5:34 p.m., 54 views

Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS 6.1, AI score 6.3, EPSS 0.01007
Exploits: 0, References: 8, Affected Software: 1

OSV
added 2022/05/17 7:57 p.m., 13 views

GHSA-PX42-MR8M-CPGH JBoss KeyCloak Cross-site Scripting Vulnerability

If a JBoss Keycloak application was configured to use as a permitted web origin in the Keycloak administrative console, crafted requests to the login-status-iframe.html endpoint could inject arbitrary Javascript into the generated HTML code via the "origin" query parameter, leading to a cross-sit...

CVSS 6.1, AI score 5.9, EPSS 0.00286
Exploits: 0, References: 6

NVD
added 2022/04/27 4:15 p.m., 8 views

CVE-2021-34590

Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...

CVSS 5.4, EPSS 0.00347
Exploits: 0, References: 1

Prion
added 2022/04/27 4:15 p.m., 10 views

Cross site scripting

Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...

CVSS 3.5, AI score 5.4, EPSS 0.00347
Exploits: 0, References: 1, Affected Software: 2

Exploit DB
added 2022/04/19 12:0 a.m., 312 views

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting XSS Exploit Author: LiquidWorm enteliTouch XSS input type="hidden" nam...

AI score 7
Exploits: 0

0day.today
added 2022/04/14 12:0 a.m., 241 views

Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability

enteliTouch XSS alertdocument.cookie" / input type="hidden" n...

AI score 7.4
Exploits: 0

Packet Storm
added 2022/04/14 12:0 a.m., 274 views

Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting

enteliTouch XSS alertdocument.cookie" /...

AI score 0.1
Exploits: 0

NVD
added 2022/04/05 6:15 p.m., 11 views

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVSS 5.7, EPSS 0.00004
Exploits: 0, References: 1

CVE
added 2022/04/05 5:55 p.m., 74 views

CVE-2022-28648

Summary: CVE-2022-28648 concerns JetBrains YouTrack prior to version 2022.1.43563, where HTML from the issue description could be rendered in the UI, creating a potential cross-site scripting (XSS) issue. The CNVD entry additionally notes risk of cookie-based credential theft in relation to YouTr...

CVSS 5.7, AI score 5.6, EPSS 0.00004
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2022/03/14 12:0 a.m., 16 views

Aternity SteelCentral AppInternals Cross-Site Scripting Vulnerability

Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A cross-site scripting vulnerability exists in Aternity SteelCentral AppInternals, which can be exploited by remote attackers to inject malicious script or HTML code...

CVSS 6.1, AI score 2.3, EPSS 0.00202
Exploits: 0, References: 1

OSV
added 2022/02/22 7:32 p.m., 21 views

GHSA-3949-F494-CM99 Cross-site Scripting in Prism

Impact: Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Li...

CVSS 7.5, AI score 6.6, EPSS 0.00353
Exploits: 0, References: 5

Redos
added 2022/02/22 12:0 a.m., 54 views

ROS-20220204-01

A vulnerability in the Django web application framework is related to an infinite loop when parsing files. Exploitation of the vulnerability could allow an attacker acting remotely to upload a specially crafted file to a server, utilize all available system resources, and cause a...

CVSS 7.5, AI score 7.3, EPSS 0.01172
Exploits: 1

RedhatCVE
added 2022/02/21 5:36 p.m., 112 views

CVE-2022-23647

A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model (DOM) as HTML code, which can be exploited by an attacker...

CVSS 7.5, AI score 0.8, EPSS 0.00353
Exploits: 0, References: 4

Prion
added 2022/02/18 3:15 p.m., 43 views

Cross site scripting

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVSS 4.3, AI score 6.4, EPSS 0.00353
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2022/02/18 3:15 p.m., 23 views

CVE-2022-23647

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVSS 7.5, AI score 6.7, EPSS 0.00353
Exploits: 0, References: 6

Vulnrichment
added 2022/02/18 2:50 p.m., 7 views

CVE-2022-23647 Cross-site Scripting in Prism

Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...

CVSS 7.5, AI score 7.4, EPSS 0.00353
Exploits: 0, References: 3