5000 matches found

Veracode
added 2019/04/22 2:33 a.m. · 12 views

Cross-Site Scripting (XSS)

com.liferay.currency.converter.web is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the symbol to steal session tokens or perform unwanted actions on behalf of the user...

AI score: 5.8 · Exploits: 0

Hacker One
added 2019/04/18 9:25 p.m. · 35 views

Shopify: Cross Site Scripting at https://app.oberlo.com/

1- create an account from https://app.oberlo.com/ 2- path to https://app.oberlo.com/settings/account/profile 3- inject javascript code or xss payload at Name form 4- it will be printed at page and executed payload that i used it " Impact This vulnerability can be used by attacker to serve malicio...

AI score: 0.6 · Exploits: 0

OSV
added 2019/04/11 8:29 p.m. · 1 views

CVE-2018-19202

A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsettingbburl' parameter...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00257 · Exploits: 0 · References: 2

Cvelist
added 2019/04/11 8:0 p.m. · 14 views

CVE-2018-19202

A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsettingbburl' parameter...

AI score: 6 · EPSS: 0.00257 · Exploits: 0 · References: 2

Palo Alto Networks
added 2019/04/11 4:45 p.m. · 8 views

Cross-Site Scripting in Expedition Migration Tool

A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref: MT-1009 / CVE-2019-1574. Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the Devices View. This issue affects Expedition 1.1....

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00267 · Exploits: 0 · References: 1

Cvelist
added 2019/04/09 7:15 p.m. · 12 views

CVE-2019-1567

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings...

AI score: 5.4 · EPSS: 0.00296 · Exploits: 0 · References: 1

Prion
added 2019/04/01 9:29 p.m. · 16 views

Cross site scripting

A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is request...

CVSS: 3.5 · AI score: 5 · EPSS: 0.0009 · Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2019/04/01 8:48 p.m. · 47 views

CVE-2018-17989

CVE-2018-17989 affects D-Link DSL-3782 devices (firmware 1.01). A stored XSS vulnerability exists in the device’s web interface, allowing an authenticated attacker to inject a JavaScript/HTML payload into the ACL page. The payload executes when the browser requests "/cgi-bin/New_GUI/Acl.asp". Acc...

CVSS: 5.4 · AI score: 5 · EPSS: 0.0009 · Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2019/03/29 7:29 p.m. · 11 views

Cross site scripting

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00272 · Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2019/03/29 7:29 p.m. · 9 views

CVE-2018-19201

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00272 · Exploits: 0 · References: 2

CVE
added 2019/03/29 6:58 p.m. · 48 views

CVE-2018-19201

CVE-2018-19201: A reflected XSS in MyBB’s ModCP Profile Editor affects versions before 1.8.20. An attacker can inject JavaScript via the username parameter (remote, network-based). Impact is client-side script execution as described; mitigation is to upgrade to MyBB 1.8.20 (security maintenance r...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00272 · Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/03/29 6:58 p.m. · 13 views

CVE-2018-19201

A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter...

AI score: 6 · EPSS: 0.00272 · Exploits: 0 · References: 2

Veracode
added 2019/03/25 8:40 a.m. · 26 views

Cross-Site Scripting (XSS)

Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...

CVSS: 4.3 · AI score: 8.6 · EPSS: 0.02575 · Exploits: 1 · References: 6 · Affected Software: 1

Veracode
added 2019/03/25 8:40 a.m. · 19 views

Cross-Site Scripting (XSS)

Apache Struts is vulnerable to cross-site scripting (XSS). Improper validation of user-supplied input allows a remote attacker to inject JavaScript into a victim's browser through the pages xipclient.html and xipserver.html...

CVSS: 4.3 · AI score: 5.7 · EPSS: 0.01747 · Exploits: 0 · References: 6 · Affected Software: 1

Veracode
added 2019/03/25 5:30 a.m. · 16 views

Cross-Site Scripting (XSS)

league/commonmark is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via unsafe links using double-encoded HTML entities to steal session tokens or perform unwanted actions on behalf of the user...

CVSS: 6.1 · AI score: 2 · EPSS: 0.00326 · Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/03/25 12:0 a.m. · 2 views

PT-2019-2580 · Jenkins · Jenkins Lockable Resources Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Lockable Resources Plugin versions 2.4 and earlier. Description: The issue allows attackers to inject arbitrary JavaScript code in web pages rendered by the plugin due to a cross-site scripting vulnerability. This can be exploited by...

CVSS: 6.4 · AI score: 5.5 · EPSS: 0.00088 · Exploits: 0 · References: 11

Cvelist
added 2019/03/14 11:0 p.m. · 14 views

CVE-2018-1914

IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00237 · Exploits: 0 · References: 3

Veracode
added 2019/03/12 2:7 a.m. · 16 views

Cross-Site Scripting (XSS)

nexus-repository is vulnerable to cross-site scripting (XSS). A lack of input validation and output sanitization allows a remote attacker to inject arbitrary JavaScript into a victim's browser through multiple parameters...

CVSS: 4.8 · AI score: 5.3 · EPSS: 0.00342 · Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2019/03/12 2:7 a.m. · 24 views

Cross-Site Scripting (XSS)

nexus-core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the repoId and format parameters of the healthCheckFileDetail function, the file name in the File Upload functionality of Staging Upload, the username when...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00329 · Exploits: 3 · References: 3 · Affected Software: 1

Veracode
added 2019/03/06 6:20 a.m. · 26 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18623 and CVE-2018-18625...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00825 · Exploits: 3 · References: 2 · Affected Software: 2