2167 matches found
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x2xw-hw8g-6773. This link is maintained to preserve external references. Original Description versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may ...
CVE-2024-22048
govuktechdocs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
Cross site scripting
govuktechdocs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
CVE-2024-22048 govuk_tech_docs XSS Vulnerability
govuktechdocs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
CVE-2023-44089
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774...
CVE-2023-41165
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...
PT-2023-27840 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 3.7.0 through 3.7.38 Stormshield Network Security SNS versions 3.10.0 through 3.11.26 Stormshield Network Security SNS versions 4.0 through 4.3.21 Stormshield Network Security SNS versions 4.4.0 throu...
CVE-2023-51457
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross site scripting
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-51458 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2023-51462 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-51459 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
Cross Site Scripting (XSS)
com.jfinal:jfinal is vulnerable to Cross-site Scripting XSS. The vulnerability occurs due to insufficient user input sanitizations, which allows an authenticated attacker to inject and execute malicious javascript into the victim's browser...
CVE-2023-48623
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48623
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48621
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48618
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48621
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48612
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48613
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...