4 matches found
CVE-2023-49111
CVE-2023-49111 describes an unauthenticated reflected cross-site scripting vulnerability in Kiuwan SAST deployments with SSO enabled. The issue arises because the login page’s JavaScript block directly includes the request parameter “message,” enabling an attacker to inject script via the paramet...
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible due to the request parameter "message" values being directly included in a JavaScript block in the response. This is...
Informatica: [kb.informatica.com] Stored XSS
kb.informatica.org is vulnerable to stored XSS as it stores user input in users' sessions, then reflects this input back inside a JavaScript block without adequate escaping. To replicate this issue, first store the payload in your session by visiting:...
Lycos HTMLGear guestGear CSS HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbo...