11 matches found
CVE-2026-50740
A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...
EUVD-2026-39604
A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...
CVE-2026-50740
A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...
Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag
A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...
EUVD-2005-0792
Malware in sbrugna...
CVE-2017-7335
A Cross-Site Scripting XSS vulnerability in Fortinet FortiWLC 6.1-x 6.1-2, 6.1-4 and 6.1-5; 7.0-x 7.0-7, 7.0-8, 7.0-9, 7.0-10; and 8.x 8.0, 8.1, 8.2 and 8.3.0-8.3.2 allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" prese...
activemq: Multiple XSS flaws in web demos
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
ActiveMQ: XSS vulnerability in portfolioPublish demo application
Cross-site scripting XSS vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...
PT-2013-1884 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through various vectors, including th...
CVE-2005-0791
Cross-site scripting XSS vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter...
CVE-2005-0791
Cross-site scripting XSS vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter...