CVE-2021-37833

A reflected cross-site scripting XSS vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

FreePBX < 13.0.122.43, < 14.0.18.34 XSS Vulnerability

FreePBX is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-15891

An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name...

Localstore.rdf XML injection through XULDocument.persist() — Mozilla

XULDocument.persist did not validate the attribute name, allowing an attacker to inject XML into localstore.rdf that would be read and acted upon at startup. This could include JavaScript commands that would be run with the permissions of the browser...

CVE-2002-0326

Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript...

Web Browsers vulnerable to the Extended HTML Form Attack &#40;IE and OPERA&#41;

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack Release Date: 06/02/2002 Effects: Internet Explorer 6 and older versions Opera 6.0 and older versions Severity: Allows stealing of cookies, penetration of internal networks and other evil stuff. Author: Obscure^...

CVE-2001-0743

Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands...

CVE-2001-0743

Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands...