946 matches found
ALPINE-CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...
keycloak: reflected XSS using HOST header
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
CVE-2017-1000033
WordPress Plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...
Reflected Cross-site Scripting Vulnerability in the Commondownloadtype Parameter of Zhiyuan OA System
Zhiyuan A6-m Collaborative Management Software Enterprise Edition is a collaborative management software for small and medium-sized enterprises. Zhiyuan A6-s Collaborative Management Software is a set of collaborative office management software that can help small and micro-organizations of...
5: stored and reflected XSS vulnerabilities
Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users...
Satellite: Spacewalk contains multiple XSS (stored and reflected)
Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content in...