5003 matches found

CVE
added 2020/12/08 12:10 a.m., 84 views

CVE-2020-25631

CVE-2020-25631 affects Moodle prior to the fixed versions 3.9.2, 3.8.5, and 3.7.8, which fix a cross-site scripting issue where JavaScript could be inserted into a book chapter title on the Add new chapter page for Moodle 3.9–3.9.1, 3.8–3.8.4, and 3.7–3.7.7. Affected releases should upgrade to the correspo...

6.1 CVSS, 5.8 AI score, 0.0034 EPSS
Exploits 0, References 1, Affected Software 1
Packet Storm
added 2020/12/01 12:0 a.m., 425 views

WordPress EventON Calendar 3.0.5 Cross Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

6.4 AI score, 0.03284 EPSS
Exploits 2
CNNVD
added 2020/11/27 12:0 a.m., 3 views

Crafter CMS Cross-Site Scripting Vulnerability

Crafter CMS is an open source content management system CMS for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS Crafter Studio version 3.0.1, which allows an attacker to exploit the vulnerability to be able to inject malicious JavaScript code, leading t...

6.1 CVSS, 6.2 AI score, 0.01409 EPSS
Exploits 0, References 3
Positive Technologies
added 2020/11/23 12:0 a.m., 2 views

PT-2020-5797

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.2.0 through 1.2.12 Roundcube Webmail versions 1.3.x through 1.3.15 Roundcube Webmail versions 1.4.x through 1.4.9 Description: An issue was discovered in Roundcube Webmail, where the linkref addindex function in...

9.8 CVSS, 8 AI score, 0.93275 EPSS
Exploits 17, References 137
OSV
added 2020/11/19 9:15 p.m., 2 views

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

6.1 CVSS, 6.4 AI score, 0.00373 EPSS
Exploits 0, References 1
NVD
added 2020/11/19 9:15 p.m., 10 views

CVE-2020-28210

A CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser...

6.1 CVSS, 6.8 AI score, 0.00373 EPSS
Exploits 0, References 1
OSV
added 2020/11/19 5:15 p.m., 11 views

CVE-2020-25702

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10...

6.1 CVSS, 6.5 AI score
Exploits 0, References 4
UbuntuCve
added 2020/11/19 5:15 p.m., 28 views

CVE-2020-25702

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10...

6.1 CVSS, 6.1 AI score, 0.00367 EPSS
Exploits 0, References 3
CVE
added 2020/11/19 4:17 p.m., 77 views

CVE-2020-25702

CVE-2020-25702 affects Moodle: JavaScript can be included when renaming content bank items in versions 3.9 through 3.9.2. The issue is addressed in Moodle 3.9.3 and Moodle 3.10. The CVE is documented with two metrics: CVSS2 (4.3, MEDIUM) and CVSS3.1 (6.1, MEDIUM). The vulnerability arises from th...

6.1 CVSS, 6 AI score, 0.00367 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2020/11/17 9:15 p.m., 1 view

CVE-2020-28129

Stored Cross-site scripting XSS vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...

6.1 CVSS, 6.5 AI score, 0.00328 EPSS
Exploits 1, References 2
CNNVD
added 2020/11/17 12:0 a.m., 2 views

SourceCodester Online Clothing Store Cross-Site Scripting Vulnerability

SourceCodester Online Clothing Store is a website builder system from SourceCodester, Inc. that provides online clothing store functionality. A cross-site scripting vulnerability exists in SourceCodester Online Clothing Store version 1.0, which originates from the vulnerability is via an Offer...

6.1 CVSS, 6.3 AI score, 0.00421 EPSS
Exploits 1, References 3
Veracode
added 2020/11/16 4:12 p.m., 7 views

Cross-Site Scripting (XSS)

jinja2 is vulnerable to Cross Site Scripting. An attacker is able to inject and execute arbitrary Javascript through the gettext and ngettext function due to the lack of output sanitization...

2.4 AI score
Exploits 0
Tenable Nessus
added 2020/11/13 12:0 a.m., 32 views

Zimbra Collaboration Server < 8.8.15 P11 / 9.x < 9.0.0 P4 XSS

According to its self-reported version number, Zimbra Collaboration Server is below 8.8.15 Patch 11, or 9.x prior to 9.0.0 Patch 4. It is, therefore, affected by a cross-site scripting XSS vulnerability in the Webmail component. An unauthenticated, remote attacker can exploit this, by convincing ...

6.1 CVSS, 6 AI score, 0.01248 EPSS
Exploits 0, References 3
CNVD
added 2020/11/11 12:0 a.m., 2 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2020-62468)

IBM Content Navigator is a Web client that provides users with a console that enables them to access, manage, and use corporate content anytime, anywhere, from any location in the organization on virtually any mobile device. A stored cross-site scripting vulnerability exists in IBM Content...

6.4 CVSS, 6.1 AI score, 0.00112 EPSS
Exploits 0, References 1
Cvelist
added 2020/11/10 2:50 p.m., 10 views

CVE-2020-4760

IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737...

5.4 CVSS, 5.2 AI score, 0.00157 EPSS
Exploits 0, References 2
CNVD
added 2020/11/09 12:0 a.m., 1 view

Joplin Desktop Cross-Site Scripting Vulnerability

Joplin is an open source notes and to-do list application. A cross-site scripting vulnerability exists in Joplin Desktop version 1.2.6, which stems from the lack of proper validation of client-side data via a link in a note, and can be exploited by an attacker to inject JavaScript code into the...

6.1 CVSS, 6.4 AI score, 0.00425 EPSS
Exploits 3, References 1
Veracode
added 2020/11/06 5:33 a.m., 11 views

Cross-site Scripting (XSS)

dompurify is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists when converting from the SVG namespace, allowing an attacker to inject and execute arbitrary JavaScript...

7 AI score
Exploits 0
RedHat Linux
added 2020/11/04 1:39 a.m., 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

6.9 CVSS, 6.5 AI score, 0.02456 EPSS
Exploits 7, References 5
RedHat Linux
added 2020/11/04 1:31 a.m., 0 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

6.9 CVSS, 6.5 AI score, 0.02456 EPSS
Exploits 7, References 5
NVD
added 2020/11/02 9:15 p.m., 11 views

CVE-2020-27359

A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...

5.4 CVSS, 5.3 AI score, 0.00497 EPSS
Exploits 1, References 3