Lucene search

2167 matches found

Veracode
added 2022/05/10 5:13 a.m. | 16 views

Cross-site Scripting (XSS)

org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to the improper output encoding in the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 6 | EPSS 0.76361
Exploits 5 | References 6 | Affected Software 1

Veracode
added 2022/05/09 5:19 a.m. | 19 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize user input passed through the canonical tag, allowing an attacker to inject and execute malicious JavaScript...

CVSS 7.2 | AI score 3.1 | EPSS 0.47055
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2022/05/06 6:57 a.m. | 17 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scripting. The vulnerability exists in the prepare function of PageRegular.php, allowing an attacker to inject and execute malicious javascript through the canonical tags...

AI score 2.6
Exploits 3 | References 5 | Affected Software 2

Veracode
added 2022/05/05 3:45 a.m. | 17 views

Cross-site Scripting (XSS)

materialize-css is vulnerable to cross-site scripting. The highlight function of autocomplete.js does not properly escape the user input such as , allowing an attacker to inject and execute malicious javascript...

CVSS 5.4 | AI score 5.2 | EPSS 0.00301
Exploits 1 | References 3 | Affected Software 1

CNNVD
added 2022/05/02 12:0 a.m. | 2 views

WordPress plugin Import and export users and customers cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Import and export users and customers plugin...

CVSS 4.8 | AI score 5 | EPSS 0.00203
Exploits 2 | References 2

OSV
added 2022/05/01 1:15 p.m. | 12 views

CVE-2022-23060

A stored cross-site scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab...

CVSS 4.8 | AI score 5.6 | EPSS 0.00235
Exploits 1 | References 2

OSV
added 2022/04/30 12:0 a.m. | 16 views

GHSA-9HGC-WPC5-V8P9 An attacker can execute malicious javascript in Live Helper Chat

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. An attacker can execute malicious JavaScript on the application...

CVSS 6.1 | AI score 6 | EPSS 0.00219
Exploits 1 | References 4

Cvelist
added 2022/04/29 8:50 a.m. | 12 views

CVE-2022-1530 Cross-site Scripting (XSS) in livehelperchat/livehelperchat

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application...

CVSS 3.8 | AI score 6.2 | EPSS 0.00219
Exploits 1 | References 2

Malwarebytes
added 2022/04/29 8:1 a.m. | 27 views

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

The Computer Emergency Response Team in Ukraine (CERT-UA) has announced that Ukraine government web portals and pro-Ukraine sites are subjected to ongoing DDoS (distributed denial of service) attacks. They don't currently know who is behind these attacks. The attack involves injecting a malicious...

AI score 0.1
Exploits 0

Veracode
added 2022/04/28 3:28 a.m. | 30 views

Cross-site Scripting (XSS)

esapi is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization use in the onsiteURL regular expression of antisamy-esapi.xml, allowing an attacker to inject and execute malicious javascript...

CVSS 6.1 | AI score 2.8 | EPSS 0.01032
Exploits 1 | References 7 | Affected Software 2

CNNVD
added 2022/04/21 12:0 a.m. | 2 views

Adobe Acs-aem-commons cross-site scripting vulnerability

Adobe Acs-aem-commons is a Java-based codebase of AEM/CQ code collections generated from AEM by Adobe U.S. Adobe Acs-aem-commons 5.1.x and earlier versions contain a cross-site scripting vulnerability that could be exploited by an attacker to inject malicious JavaScript content into vulnerable fo...

CVSS 6.1 | AI score 5.4 | EPSS 0.01333
Exploits 0 | References 3

NVD
added 2022/04/20 7:15 p.m. | 6 views

CVE-2022-24864

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 5.4 | EPSS 0.00309
Exploits 0 | References 3

Prion
added 2022/04/20 7:15 p.m. | 10 views

Design/Logic Flaw

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 3.5 | AI score 5.6 | EPSS 0.00309
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/04/20 6:25 p.m. | 10 views

CVE-2022-24864 Malicious Javascript injection in OriginProtocol/origin-website

Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the...

CVSS 4.1 | AI score 5.8 | EPSS 0.00309
Exploits 0 | References 3

CVE
added 2022/04/20 6:25 p.m. | 78 views

CVE-2022-24864

CVE-2022-24864 affects Origin Protocol’s origin-website: an attacker can inject malicious JavaScript by posting to /presale/join. User-controlled data is sent to SendGrid without sanitization and inserted into an email addressed to [email protected]. If the recipient’s email client is s...

CVSS 5.4 | AI score 5 | EPSS 0.00309
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2022/04/18 12:0 a.m. | 13 views

ThoughtWorks GoCD Cross-Site Scripting Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A cross-site scripting vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by an attacker controlling a GoCD agent to plant malicious JavaScript into a failed job report...

CVSS 5.4 | AI score 1.3 | EPSS 0.00504
Exploits 1 | References 1

NVD
added 2022/04/14 1:15 p.m. | 10 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVSS 5.4 | EPSS 0.00504
Exploits 1 | References 3

OSV
added 2022/04/14 1:15 p.m. | 16 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

CVSS 5.4 | AI score 6.8
Exploits 0 | References 3

Cvelist
added 2022/04/14 12:55 p.m. | 13 views

CVE-2021-43288

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report...

AI score 5.8 | EPSS 0.00504
Exploits 1 | References 3

Veracode
added 2022/03/25 6:6 a.m. | 14 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute malicious JavaScript via the description of a new module due to the lack of validation...

CVSS 5.4 | AI score 3.4 | EPSS 0.00346
Exploits 1 | References 5 | Affected Software 1