27433 matches found
WSO2 Carbon vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 setName parameter to identity-mgt/challenges-mgt.jsp; the 2 webappType or 3 httpPort parameter to webapp-list/webappinfo.jsp; the 4 dsName or 5 descriptio...
Plone XSS
Cross-site scripting XSS vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Plone vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
MantisBT Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in manageprojcatadd.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action...
GHSA-C78G-QWPW-2JGV Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 orderBy or 2 sort parameter to sessionsList.jsp, or unspecified input to 3...
GHSA-6WFJ-2MW7-P5CG phpMyAdmin micro history Implementation XSS Vulnerability
Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...
GHSA-MWM8-36C5-J5CF phpMyAdmin Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...
phpMyAdmin Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message...
GHSA-6Q2J-8H8Q-46MR phpMyAdmin vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...
phpMyAdmin XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...
GHSA-PW34-QF6C-84FC phpMyAdmin XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...
phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
GHSA-PVR5-84GR-G985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...
phpMyAdmin cross-site scripting vulnerability in crafted view name
A cross-site scripting XSS vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js...
GHSA-Q586-XPWR-JC3J phpMyAdmin cross-site scripting vulnerability in crafted view name
A cross-site scripting XSS vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js...
GHSA-4VWQ-X64Q-J4CJ Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Cross-site scripting XSS vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Cross-site scripting XSS vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
Subrion CMS Cross-site scripting in search
A cross-site scripting XSS vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to subrion/search/...
GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts
Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...