27433 matches found
CVE-2023-27008
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
Cross site scripting
A Cross-site scripting XSS vulnerability in the function encryptpassword in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
Cross site scripting
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
Atlassian Jira < 6.0.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities: - A directory traversal in the Importers Plugin which permits remote attackers to create arbitrary files...
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance SMA through 12.1 that may allow remote injection of arbitrary web script or HTML...
CVE-2022-38220
CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...
Cross site scripting
A Reflected Cross-site scripting XSS vulnerability in interface/forms/eyemag/php/eyemagfunctions.php in OpenEMR 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUESTURI...
K16967: XSS vulnerability in jQuery CVE-2011-4969
Security Advisory Description Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CVE-2011-4969 Impact There is no impact; F5 products are not affected by this...
K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...
K51110104: XSS vulnerabilities CVE-2010-5312 and CVE-2012-6662
Security Advisory Description CVE-2010-5312 Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. CVE-2012-6662 Cross-site scripting XSS vulnerability in th...
K44164245: XSS vulnerability CVE-2013-2618
Security Advisory Description Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter. CVE-2013-2618 Impact There is no impact; F5 products are not affected by this...
UJCMS 跨站脚本漏洞
UJCMS is UJCMS open source a Java open source content management system . UJCMS v4.1.3 version of a security vulnerability , the vulnerability stems from the existence of cross-site scripting XSS vulnerability , an attacker can be exploited to exploit the vulnerability will be carefully crafted...
SUSE CVE-2004-1318
Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...
SUSE CVE-2006-5752
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
SUSE CVE-2008-3714
Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...
SUSE CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...
SUSE CVE-2011-2920
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting XSS vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicio...
SUSE CVE-2012-0471
Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set...
SUSE CVE-2013-1808
Cross-site scripting XSS vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...