27433 matches found
Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page
Cross-site scripting XSS vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name...
GHSA-XHC3-5PGF-P576 subrion CMS Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...
subrion CMS Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in subrion CMS Version = 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab...
GHSA-33JJ-92PX-M4G7 Craft CMS Cross-site Scripting Vulnerability
Cross Site Scripting XSS vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...
Craft CMS Cross-site Scripting Vulnerability
Cross Site Scripting XSS vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...
GHSA-WMH7-782F-XFW5 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...
GHSA-4M44-5J2G-XF64 Improper Neutralization of Input During Web Page Generation in CKEditor4
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
Improper Neutralization of Input During Web Page Generation in CKEditor4
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
xxl-job Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...
Dolibarr stored Cross-Site Scripting (XSS) vulnerability
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
GHSA-8R2W-PHX4-MGPV Dolibarr stored Cross-Site Scripting (XSS) vulnerability
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
GHSA-X9Q4-5F3C-CW62 MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting XSS vulnerability in the munkifacts aka Munki Conditions module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...
MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting XSS vulnerability in the munkifacts aka Munki Conditions module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...
GHSA-79XR-V794-WQ35 MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting XSS vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters through which installed packages names and versions are reported...
GHSA-M396-2X3H-V3V4 Dolibarr reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability in Dolibarr 11.0.4 and below allows remote attackers to inject arbitrary web script or HTML into public/notice.php related to transphrase and transkey...
GHSA-4HF3-229W-6H8R Dolibarr cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...
Dolibarr cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...
GHSA-VWH5-78JC-HPJX SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php
A cross-site scripting XSS vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...