111 matches found
CVE-2024-32877
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...
CVE-2024-1841
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
Cross-site Scripting (XSS)
Overview org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...
Cross-site Scripting (XSS)
Overview org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...
Cross-site Scripting (XSS)
Overview org.webjars.bower:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.twbs:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page...
CVE-2025-1647
CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML title attribute in the list view. An attacker can manipulate the output and inject malicious scripts by crafting malicious input that is improperly escaped. Note Patched version 3.1.3 has a...
UBUNTU-CVE-2024-39308
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...
CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...
CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...
PT-2024-18037 · Unknown · The Post Grid – Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.7.1 Description: The issue is related to Stored Cross-Site Scripting via the section title tag attribute due to insufficient...
CVE-2024-5425
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress WP jQuery Lightbox plugin <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via title Attribute vulnerability discovered by Webbernaut in WordPress Plugin WP jQuery Lightbox versions = 1.5.4...
PT-2024-36129 · WordPress · Wp Jquery Lightbox
Name of the Vulnerable Software and Affected Versions: WP jQuery Lightbox plugin for WordPress versions up to, and including, 1.5.4 Description: The issue is related to Stored Cross-Site Scripting via the title attribute due to insufficient input sanitization and output escaping. This allows...
CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...
CVE-2024-1323
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
SUSE CVE-2012-6662
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
MediaWiki Cross-site Scripting vulnerability
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...