21 matches found
CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross-Site Scripting (XSS). Due to a lack of JavaScript sanitization in the login form, incorrect login attempts written to the log are rendered as XSS in the admin panel...
PT-2025-52666
Name of the Vulnerable Software and Affected Versions Schlix CMS versions prior to 2.2.9-5 Description Schlix CMS is affected by a Cross-Site Scripting (XSS) issue. The root cause is a lack of JavaScript sanitization in the login form, which allows incorrect login attempts to be logged as XSS in th...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is affected by a Cross Site Scripting (XSS) vulnerability due to missing JavaScript sanitization in the login form, causing incorrect login attempts to be logged as XSS in the admin panel. The connected sources confirm the affected version and the root cause without det...
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
...
CVE-2021-42044
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline,...
Alibaba Cloud Linux 3 : 0049: go-toolset:rhel8 (ALINUX3-SA-2023:0049)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0049 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-24540: Not all valid JavaScript whitespace...
Drupal 7.x < 7.102 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. - Drupal core...
Drupal 10.3.x < 10.3.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. - Drupal core...
Drupal 10.2.x < 10.2.11 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: - Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized. - Drupal core...
CVE-2024-27285
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details The vulnerability stems from mishandling...
CVE-2023-45207
An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...
Code Injection
gnome-maps is vulnerable to Code Injection. The vulnerability is due to incomplete JavaScript sanitization, which allows an attacker to Inject code through a service.json file...
MGASA-2023-0169 Updated golang packages fix security vulnerability
Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
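The MGASA-2023-0169 entry above describes html/template treating angle brackets as safe inside a CSS context. The following Go program is an added example, not code from the page or from the Go project: it renders one constructed attacker-controlled value (Payload, assumed here) into three template contexts (HTML text, a CSS property value, a JavaScript expression) and contrasts html/template's contextual autoescaper with text/template, which applies no escaping at all and so reproduces the "lack of sanitization" pattern that most entries on this page share. On a patched toolchain the CSS-context value is replaced by html/template's failsafe token ZgotmplZ; the pre-fix behaviour from the advisory is not reproduced here, so the block doubles as a regression check.

```go
package main

import (
	"fmt"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// Payload is a constructed attacker-controlled value (assumed for this
// example): it tries to close whatever element it lands in and open a
// script element of its own.
const Payload = `</style><script>alert(1)</script>`

// Three fixed template sources, each placing the single untrusted action
// in a different parse context: HTML text, a CSS property value and a
// JavaScript expression.
const (
	HTMLTextTmpl = `<p>{{.}}</p>`
	CSSValueTmpl = `<style>a{color:{{.}}}</style>`
	JSValueTmpl  = `<script>var x = {{.}};</script>`
)

// RenderEscaped executes tmpl with html/template, whose contextual
// autoescaper chooses the escaping function from where the action sits
// (HTML escaper, CSS value filter, JS value escaper).
func RenderEscaped(tmpl, v string) (string, error) {
	t, err := htmltemplate.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := t.Execute(&sb, v); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// RenderRaw executes the same source with text/template, which performs
// no escaping at all: the untrusted value is copied through verbatim.
func RenderRaw(tmpl, v string) (string, error) {
	t, err := texttemplate.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := t.Execute(&sb, v); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// BreaksOut reports whether the payload's script element survived
// rendering verbatim, i.e. the untrusted value escaped its context.
func BreaksOut(out string) bool {
	return strings.Contains(out, "<script>alert(1)</script>")
}

func main() {
	cases := []struct{ name, tmpl string }{
		{"html text", HTMLTextTmpl},
		{"css value", CSSValueTmpl},
		{"js value", JSValueTmpl},
	}
	for _, tc := range cases {
		escaped, err := RenderEscaped(tc.tmpl, Payload)
		if err != nil {
			panic(err)
		}
		raw, err := RenderRaw(tc.tmpl, Payload)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-9s html/template: %s\n          breaks out: %v\n", tc.name, escaped, BreaksOut(escaped))
		fmt.Printf("%-9s text/template: %s\n          breaks out: %v\n", tc.name, raw, BreaksOut(raw))
	}
}
```

The CSS case is the interesting one: html/template does not entity-encode inside a style block (entities are meaningless there), so its only safe move for a value containing `<`, `>`, `/` or other structural characters is to discard it and emit ZgotmplZ. The angle-bracket gap the advisory describes was precisely that `<` and `>` were missing from that reject list.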
go -- multiple vulnerabilities
The Go project reports: crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192...
Cross site scripting
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2023-0599 Rapid7 Metasploit Pro Stored XSS
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
USN-4498-1 ruby-loofah vulnerability
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. CVE-2019-15587...
CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly when assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack...
Adobe AIR JavaScript Code Execution Vulnerability
This host has Adobe AIR installed and is prone to a privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbadobeairjscodeexecvuln.nasl 5370 2017-02-20 15:24:26Z cfi $ Adobe AIR JavaScript Code Execution Vulnerability Authors: Chandan S Copyright: Copyright (c) 2008 Greenbone Networks...