CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...

CVE-2025-0757

CVE-2025-0757 affects Hitachi Vantara Pentaho Business Analytics Server (versions prior to 10.2.0.2, including 9.3.x and 8.3.x). The issue is improper neutralization of user-controllable input before it is output to web pages, enabling cross-site scripting via a malicious URL in the Analyzer plug...

Cross-Site Scripting (XSS)

drupal/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be executed in the context of a user's browser...

CVE-2022-24709

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...