27433 matches found
GHSA-GCVP-CWGW-WX8J phpMyAdmin XSS Vulnerability
Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...
phpMyAdmin XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...
phpMyAdmin XSS Vulnerability
Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...
GHSA-4FXW-G29W-R8MX Apache Solr Cross-site scripting Vulnerability
Cross-site scripting XSS vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...
Apache Solr Cross-site scripting Vulnerability
Cross-site scripting XSS vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...
typo3/cms-felogin Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
GHSA-M3P9-C7P3-XXMP Mayaa Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions...
Mayaa Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions...
GHSA-WGVV-5396-GGVJ EC-CUBE XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in 1 data/Smarty/templates/default/list.tpl and 2 data/Smarty/templates/default/campaign/bloc/carttag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
EC-CUBE XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in 1 data/Smarty/templates/default/list.tpl and 2 data/Smarty/templates/default/campaign/bloc/carttag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-QJMG-77XH-7MJW Loggerhead XSS via filename
Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter
Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
GHSA-X24Q-XWRF-66JM Improper Neutralization of Input During Web Page Generation in Google Web Toolkit
Multiple cross-site scripting XSS vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit GWT before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-9HW3-4GVP-8MV5 TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Cross-site scripting XSS vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Cross-site scripting XSS vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Symphony CMS vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via 1 the profile parameter to extensions/profiledevkit/content/content.profile.php, as...
GHSA-CMPM-JG8R-FV37 Apache Struts Multiple Cross-site Scripting Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...
Apache Struts Multiple Cross-site Scripting Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...
Fork CMS Multiple XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...
GHSA-J5FJ-M342-MGCM Fork CMS Multiple XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...