CVE-2015-2793

Cross-site scripting XSS vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openididentifier parameter in a verify action to ikiwiki.cgi...

CVE-2013-0193

Cross-site Scripting XSS in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195...

CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

Design/Logic Flaw

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input...

CVE-2013-4103

Cryptocat prior to 2.0.22 is vulnerable to Remote Script Injection caused by improper sanitization of user input. Affected software: Cryptocat (versions before 2.0.22). Impact per sources: potential arbitrary script execution in the context of the application. Remediation: upgrade to Cryptocat 2....

DEBIAN-CVE-2013-1951

A cross-site scripting XSS vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names...

CVE-2010-1673

A cross-site scripting XSS vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment...

CVE-2019-18419

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

bootstrap: XSS in the tooltip data-viewport attribute

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2019-35573)

Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability in Microsoft Dynamics 365 on-premises version...

Cisco IOS and IOS XE Cross-Site Scripting Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the web framework code in Cisco IOS and Cisco IOS XE, which stems from a program that fails to perform sufficient input validation. A remote attacker coul...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVE-2019-5404

CVE-2019-5404 affects HPE 3PAR StoreServ Management Console and Core Software Media prior to 3.5.0.1. A remote script injection vulnerability could allow an attacker to execute client-side code in the management console. The exact exploitation details, including successful attack scenarios, are n...

The vulnerability of the “page parameter” in Mitel Connect OnSite conference call systems allows a intruder to inject any desired web script or HTML code.

The vulnerability of the page parameter in Mitel Connect OnSite communication systems is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web scripts or HTML code remotely...

PT-2019-9616 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Extra Contents parameter, also known as the cf 110 parameter in the adm/config form update.php file. This enables attacker...