27433 matches found
GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Multiple cross-site scripting XSS vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...
TYPO3 Flow Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow formerly FLOW3 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...
GHSA-5CMC-R23M-HVRR TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Cross-site scripting XSS vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
GHSA-H3VG-4X76-V28W Dolibarr ERP and CRM contain XSS Vulnerability
Cross-site scripting XSS vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
Dolibarr ERP and CRM contain XSS Vulnerability
Cross-site scripting XSS vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
NodeBB Cross-site Scripting Vulnerability in Markdown Processing
Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...
Umbraco CMS vulnerable to stored XSS
Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
GHSA-XJ94-RGF9-CQ37 Umbraco CMS vulnerable to stored XSS
Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
GHSA-X4X9-4C65-73W8 Concrete5 Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Concrete5 Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-R68M-4V39-CF43 TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...
TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Cherry Music Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...
Djblets Cross-site scripting Vulnerability
A cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...
Xtend Cross-Site Scripting Vulnerability
Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...
GHSA-V3FG-X8JW-M974 Fork CMS XSS via Highlight Parameter
Cross-site scripting XSS vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
GHSA-GQMJ-F46X-WQHW phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
Cross-site scripting XSS vulnerability in dbcentralcolumns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...