CVE-2023-40618

A reflected cross-site scripting XSS vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in...

CVE-2018-12299

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...

CVE-2018-12303

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVE-2018-1000108

A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed...

CVE-2018-1000661

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...

CVE-2018-1000604

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...

CVE-2018-1000842

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...

CVE-2018-1000815

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

CVE-2018-19449

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution...

CVE-2018-19445

A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution...

CVE-2009-4127

Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is...

CVE-2010-0063

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, a...

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service resource consumption via a Javascript src attribute that recursively loads the current web page...

CVE-2021-41782

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

CVE-2021-41432

A stored cross-site scripting XSS vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...

CVE-2021-41784

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...

CVE-2021-41780

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

CVE-2021-41502

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting XSS vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute...