245 matches found

RedHat Linux
added 2020/06/11 9:3 a.m. · 0 views

RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

CVSS 6.1 · AI score 5.6 · EPSS 0.01394
Exploits: 1 · References: 6
Positive Technologies
added 2020/03/29 12:0 a.m. · 7 views

PT-2020-2139 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.1 Description: The issue in MediaWiki is related to the lack of proper output encoding or escaping, which can be exploited by a remote attacker to impact data integrity. Users can add various Cascading Style...

CVSS 9.8 · AI score 5 · EPSS 0.01768
Exploits: 3 · References: 34
Hacker One
added 2020/03/01 5:9 p.m. · 15 views

8x8: Stored XSS on Company Logo

The ContactNow application saved the location of the custom company logo without proper encoding considerations...

AI score 2.6
Exploits: 0
OSV
added 2019/12/17 3:15 p.m. · 13 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

CVSS 5.3 · AI score 5.3
Exploits: 0 · References: 2
NVD
added 2019/12/17 3:15 p.m. · 19 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

CVSS 5.3 · AI score 5.2 · EPSS 0.00819
Exploits: 0 · References: 2
Prion
added 2019/12/17 3:15 p.m. · 15 views

Design/Logic Flaw

Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

CVSS 5 · AI score 5.2 · EPSS 0.00819
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2019/12/17 2:4 p.m. · 64 views

CVE-2019-19714

Contao CVE-2019-19714 affects Contao CMS 4.8.4 and 4.8.5, where improper encoding/escaping in the login module allows injection of insert tags that are replaced during page rendering. This is due to insufficient output encoding in the login module, with the advised remediation to upgrade to Conta...

CVSS 5.3 · AI score 5.1 · EPSS 0.00819
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2019/10/16 3:15 p.m. · 15 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law GDPR) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

CVSS 4.8 · AI score 4.9 · EPSS 0.01033
Exploits: 1 · References: 3
NVD
added 2019/10/16 2:15 p.m. · 8 views

CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement...

CVSS 5.4 · AI score 5.3 · EPSS 0.01532
Exploits: 1 · References: 6
OSV
added 2019/10/16 2:15 p.m. · 14 views

CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 6
Cvelist
added 2019/10/16 2:10 p.m. · 15 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law GDPR) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

AI score 4.9 · EPSS 0.01033
Exploits: 1 · References: 3
CVE
added 2019/10/16 2:5 p.m. · 90 views

CVE-2019-16521

The CVE-2019-16521 entry concerns the WordPress Broken Link Checker plugin (

CVSS 6.1 · AI score 6 · EPSS 0.01395
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2019/09/26 4:15 p.m. · 2 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS 4.8 · AI score 5.8 · EPSS 0.01024
Exploits: 1 · References: 3
NVD
added 2019/09/26 4:15 p.m. · 9 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS 4.8 · AI score 4.9 · EPSS 0.01024
Exploits: 1 · References: 3
NVD
added 2019/09/09 7:15 p.m. · 21 views

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

CVSS 6.1 · AI score 5.8 · EPSS 0.01139
Exploits: 1 · References: 2
Cvelist
added 2019/09/09 6:49 p.m. · 28 views

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

AI score 5.9 · EPSS 0.01139
Exploits: 1 · References: 2
OSV
added 2019/07/10 8:15 p.m. · 1 views

CVE-2019-0329

SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS 6.1 · AI score 6.3 · EPSS 0.01325
Exploits: 0 · References: 3
BDU FSTEC
added 2016/07/06 12:0 a.m. · 4 views

Vulnerability of WebLogic Server software, allowing a remote attacker to compromise protected information

The vulnerability exists in Oracle Mojarra due to incorrect encoding when using the tag or EL-expressions after a script or style block. Exploiting this vulnerability allows malicious individuals to perform cross-site scripting (XSS) attacks remotely...

CVSS 4.3 · AI score 5.2 · EPSS 0.04715
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2016/05/31 12:0 a.m. · 3 views

The vulnerability of the Mac OS X operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the Messages component in the Mac OS X operating system exists due to improper handling of the file encoding. Exploiting this vulnerability can allow a remote attacker to obtain confidential information...

CVSS 5 · AI score 7.3 · EPSS 0.02517
Exploits: 0 · References: 3 · Affected Software: 1
OpenVAS
added 2016/01/19 12:0 a.m. · 25 views

TYPO3 Multiple Cross-Site Scripting Vulnerabilities (Jan 2016)

TYPO3 is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

CVSS 6.1 · AI score 5.5 · EPSS 0.01434
Exploits: 0 · References: 8