27433 matches found
GHSA-QFR3-29W6-HWPG Typo3 Exception Handler XSS
Cross-site scripting XSS vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...
GHSA-7W6C-5PR4-7QVP Typo3 Backend XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Install Tool XSS Vulnerability
Cross-site scripting XSS vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site scripting in yui 2.4.0
Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207...
Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in Basic SEO Features seobasics extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-GW2Q-CGVQ-9G3V Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter...
Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link...
GHSA-W563-RQ37-CVQ5 Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Backend API XSS Vulnerability
Cross-site scripting XSS vulnerability in the tree render API TCA-Tree in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
Typo3 Backend History Module Vulnerable to XSS
Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-QMMW-CH2Q-J6XX Typo3 Backend API XSS Vulnerability
Cross-site scripting XSS vulnerability in the tree render API TCA-Tree in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
GHSA-MFHR-3XMC-R2GG Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Cross-site scripting XSS vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...
GHSA-4894-5VQC-6R2R Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
GHSA-RVRJ-J7CC-236P DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...
Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the Static Methods since 2007 div2007 extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3libdiv::quoteJSvalue function...
GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Multiple cross-site scripting XSS vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...