Design/Logic Flaw

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

Design/Logic Flaw

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

CVE-2020-25288

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

CVE-2020-25288

CVE-2020-25288 affects MantisBT before 2.24.3. When editing an issue in a project with a Custom Field using a crafted Regular Expression, improper escaping of the input’s pattern attribute can cause HTML injection and, if CSP allows, execution of arbitrary JavaScript. Impact is HTML injection/XSS...

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

python: XSS vulnerability in the documentation XML-RPC server in server_title field

A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

Security Vulnerabilities fixed in Thunderbird 78.3 — Mozilla

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Thunderbird sometimes ran the...

Mozilla Firefox ESR < 78.3

The version of Firefox ESR installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...

Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Firefox sometimes ran the onload...

Mozilla Firefox ESR < 78.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...

CVE-2020-8340

A cross-site scripting XSS vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 Integrated Management Module 2, prior to version 5.60, embedded Baseboard Management Controller BMC web interface during an internal security review. This vulnerability could allow JavaScript code t...

GHSA-P82G-2XPP-M5R3 Cross-Site Scripting in dojo

Versions of dojo prior to 1.2.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize HTML code in user-controlled input, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.2.0 or later...

Acronis: XSS on https://partners.acronis.com/

Hello, I found DOM XSS on login page of https://partners.acronis.com/ Open this URL https://partners.acronis.com/en-us/profile/login.html?-back=test123" and search for var back =. Here input is HTML encoded but from that reflected value, element is created and appended to the form. F983552 We can...

Adobe Experience Manager (AEM) Stored Cross-Site Scripting Vulnerability

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...

Adobe Experience Manager (AEM) stored cross-site scripting vulnerability (CNVD-2020-52152)

Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitra...

Adobe Experience Manager (AEM) Cross-Site Scripting Vulnerability (CNVD-2020-51769)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager AEM. An attacker can exploit this vulnerability to execute arbitrary...

Adobe Experience Manager (AEM) Forms stored cross-site scripting vulnerability (CNVD-2020-52155)

Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers

UPDATE Adobe has released fixes addressing five critical flaws in its popular Experience Manager content-management solution for building websites, mobile apps and forms. The cross-site scripting XSS flaws could allow attackers to execute JavaScript in targets’ browsers. Including Adobe Experienc...