SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php
A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...
Zimbra Collaboration Suite Cross Site Scripting (CVE-2018-6882)
A cross-site scripting vulnerability exists in Zimbra Collaboration Suite. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2008-3823
Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...
IPPlan Cross-Site Scripting Vulnerability
IPPlan is a web-based multilingual TCP/IP address management (IPAM) software and tracking tool. Simplifying the management of the IP address space, IPPlan version 4.92b is vulnerable to a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS) vulnerability found in...
GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service...
CVE-2021-42943
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
Apache Struts is vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...
GHSA-QJ7X-WM9Q-QJX8 Plone Cross-site Scripting vulnerability in PortalTransforms
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...
GHSA-6RM6-MJMH-86JQ HTML Purifier Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5)...
MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to...
MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/languagesetup.py, a similar issue to CVE-2010-2487...
GHSA-PJMX-4GC6-HWV8 Drupal cross-site scripting vulnerability via actions feature and trigger module
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...
GHSA-7GFC-2V6G-6W9F Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)...
GHSA-CVWC-G7FW-7XRJ Plone XSS Vulnerability
Cross-site scripting (XSS) vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...