4 matches found
CVE-2023-29049
The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain...
CVE-2021-28957
A flaw was found in python-lxml. The HTML5 formaction attribute is not sanitized the way the HTML action attribute is, which can lead to a cross-site scripting (XSS) attack when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
CVE-2016-9889
Tiki Wiki CMS Groupware is affected by a cross-site scripting vulnerability in forms that use the geo_zoomlevel_to_found_location parameter. The issue arises from unsanitized input in tiki-setup.php and article_image.php on versions 12.x prior to 12.10 LTS, 15.x prior to 15.3 LTS, and 16.x prior ...
Progress WebSpeed 3.0/3.1 - Denial of Service
Source: https://www.securityfocus.com/bid/23778/info
WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits can allow attackers to cause the application to become unresponsive, denying service to legitimate...