VulnCheck KEV: CVE-2013-2618

Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter...

CVE-2020-5631

Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

The vulnerability of the ColdFusion interpreter, related to the lack of measures taken to protect the structure of web pages, allows attackers to inject arbitrary web scripts or HTML code and gain access to protected information.

The vulnerability of the ColdFusion interpreter is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to inject arbitrary web scripts or HTML code remotely, gain access to protected information, and modify the appearance of the...

Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability

Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...

Firco Continuity Cross-Site Scripting Vulnerability

Firco Continuity is a real-time trade screening solution. A stored cross-site scripting vulnerability exists in Firco Continuity 6.2.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the username field on the login page...

UBUNTU-CVE-2020-12648

A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute cross-site scripting attacks.

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

UBUNTU-CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-11845

Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML...

Sales Force Assistant Cross-Site Scripting Vulnerability

NI Consulting Sales Force Assistant is a suite of sales support and information sharing tools from NI Consulting Japan. The product supports features such as customer relationship management, case management, complaint management, and visit program management. A cross-site scripting vulnerability...

PT-2020-2194 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

PT-2020-2159 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability

Amazon AWS JavaScript S3 Explorer is a set of S3 browsers. A cross-site scripting vulnerability exists in Amazon AWS JavaScript S3 Explorer explorer.js, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...

CVE-2020-5528

CVE-2020-5528 is a cross-site scripting vulnerability in Movable Type series (including Movable Type 7, 6.5, and related editions) that allows remote attackers to inject arbitrary web script or HTML into the block editor and Rich Text Editor via a specially crafted URL. The vulnerability affects ...

CVE-2013-3565

Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...

UBUNTU-CVE-2013-3565

Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...

UBUNTU-CVE-2013-6451

Cross-site scripting XSS vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...