6 matches found
BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
UBUNTU-CVE-2021-30157
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...
PT-2021-3353 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.12 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.2 Description: The issue exists due to the lack of protection for the web page structure, allowing a remote attacker to conduct cross-site scripting X...
jenkins: Stored XSS vulnerability in button labels
A flaw was found in jenkins. A cross-site scripting XSS vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...
Cross-Site Scripting
Overview Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script...
Cross-Site Scripting (XSS)
onegov.form is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the usage of unescaped labels in WTForms...