28 matches found
CVE-2019-20443
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in mediaType has been identified in the registry UI...
EUVD-2022-47513
Malicious code in bioql PyPI...
EUVD-2023-54046
Malicious code in bioql PyPI...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
CVE-2025-28245
Cross-site scripting XSS vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...
CVE-2019-0874
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
CVE-2017-20115
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting Reflected. The attack may be initiated remotely. The exploit...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : RabbitMQ Server vulnerability (USN-7399-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7399-1 advisory. It was discovered that RabbitMQ Server's management UI did not sanitize certain input. An attacker could possibly use this issue t...
CVE-2025-27518
CVE-2025-27518 affects Cognita (the RAG framework) backend server. The issue is an insecure CORS configuration that allows arbitrary websites to send cross-site requests to the Cognita application. Root cause: misconfigured CORS on the backend. Reported impact is that cross-origin requests could ...
CVE-2024-51942
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-55492
CVE-2024-55492 affects Winmail Server 4.4. The issue is a cross-site scripting (XSS) vulnerability via the f_user parameter containing a payload like %22%3E%3Csvg%20onload. Documented CVSS v3.1 base score 6.1 (Medium) with network attack vector, required user interaction, and changed scope; confi...
CVE-2024-55554
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Affected component: portal server web UI; root cause: input in portlet not properly sanitized. Impact: cross-site scripting with network access, requiring user interaction; CVSSv3.1 base score 5.4 (MEDIUM). Remediation: up...
WordPress WP Cloud Server Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Cloud Server Type Plugin Vulnerable versions = 1.3.0 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 8cdd8c408320 Credits Rafie Muhammad Patchstack Required...
CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.
A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29105 There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below.
A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory...
CVE-2015-5215
The default configuration of the Jinja templating engine used in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via template variables. NOTE: This may be a duplica...
CVE-2018-2383
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...
Trend Micro Smart Protection Server Cross-Site Scripting Vulnerability
Trend Micro Smart Protection Server is the next generation of cloud-based advanced protection solutions. Trend Micro Smart Protection Server suffers from a cross-site scripting vulnerability that could allow an attacker to steal cookie authentication credentials, execute arbitrary scripts, and mo...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
Merak Mail Server 7.4.5 - settings.html Multiple Cross-Site Scripting Vulnerabilities
Merak Mail Server 7.4.5 - settings.html Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site...