CVE-2018-0719

Cross-site Scripting XSS vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...

CVE-2018-12241

The Symantec Security Analytics SA 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...

Cross-site Scripting (XSS)

bootstrap-datepicker is vulnerable to a cross-site scripting XSS attack. The library does not properly handle the jQuery for the date container, allowing a malicious user to inject arbitrary Javascript...

Cross-Site Scripting (XSS)

validator is vulnerable to cross-site scripting. A remote attacker is able to bypass XSS filters via nested forbidden strings to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user...

Cross-site Scripting (XSS)

notebook is vulnerable to a cross-site scripting XSS attack. The library does not properly sanitize URLs passed through a directory name, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This...

Cross-Site Scripting (XSS)

Plupload is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the id parameter to steal session tokens or perform unwanted actions on behalf of the user...

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user via the dnnVariable parameter to the default URI...

Cross site scripting

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

CVE-2018-14655

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

keycloak: XSS-Vulnerability with response_mode=form_post

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

Khan Academy: Cross site scripting (content-sniffing)

Your website may be vulnerable to cross site scripting attacks HTTP request: GET...

Cross-site Scripting (XSS)

primefaces is vulnerable to a cross-site scripting XSS attack. The library does not properly escape HTML elements, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

editor.md is vulnerable to a cross-site scripting attack. The library does not properly sanitize tags during markdown rendering, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

gwt-user is vulnerable to a cross-site scripting XSS attack. The library does not sanitize multiple script elements, allowing a malicious user to inject and execute arbitrary Javascript...

Apache Syncope Cross-Site Scripting Vulnerability

Apache Syncope is an open source system for managing digital identities in enterprise environments, implemented using Java EE technology and released under the Apache 2.0 license. A stored cross-site scripting vulnerability exists in Apache Syncope. A malicious user with sufficient administrative...

GHSA-9H9C-F287-C6VP Improper Control of Interaction Frequency in Apache syncope-core

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...

CVE-2018-17184

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...

CVE-2018-17184

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...

CVE-2018-17184

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...