Lucene search
+L

6 matches found

osv
osv
added 2026/05/28 11:26 a.m.9 views

BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References3
osv
osv
added 2021/04/06 7:15 a.m.4 views

UBUNTU-CVE-2021-30157

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...

6.1CVSS6.7AI score0.01406EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2021/04/06 12:0 a.m.4 views

PT-2021-3353 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue exists due to the lack of protection for the web page structure, allowing a remote attacker to conduct cross-site scripting X...

9.8CVSS6.2AI score0.03832EPSS
Exploits18References91
redhat
redhat
added 2021/03/03 4:19 a.m.3 views

jenkins: Stored XSS vulnerability in button labels

A flaw was found in jenkins. A cross-site scripting XSS vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...

5.4CVSS5.6AI score0.01029EPSS
Exploits0References4
nodejs
nodejs
added 2017/01/24 11:2 p.m.42 views

Cross-Site Scripting

Overview Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script...

4.3CVSS2.3AI score0.00905EPSS
Exploits0Affected Software1
veracode
veracode
added 2016/12/27 2:25 a.m.6 views

Cross-Site Scripting (XSS)

onegov.form is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the usage of unescaped labels in WTForms...

5.7AI score
Exploits0
Rows per page
Query Builder