27433 matches found
Cross-site Scripting in Apache Struts
Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...
GHSA-9M82-F3WX-P625 LibreNMS XSS Vulnerability
Persistent Cross-Site Scripting XSS issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboardname parameter in the /ajaxform.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and...
Jenkins vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors...
Jenkins Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-WRRJ-R2J4-969W Umbraco CMS vulnerable to stored XSS
Persistent cross-site scripting XSS vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc.. The vulnerability is exploited when updating or removing public access of a content...
Umbraco CMS vulnerable to stored XSS
Persistent cross-site scripting XSS vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content Blog, Content Page, etc.. The vulnerability is exploited when updating or removing public access of a content...
GHSA-3V8X-286H-9PXP Dolibarr stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...
Dolibarr stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...
GHSA-4XFW-599Q-FMP6 Dolibarr stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...
Dolibarr reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php...
GHSA-2GC5-3H3P-8VPF Dolibarr reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php...
PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
Improper Neutralization of Input During Web Page Generation in Spring Framework
Cross-site scripting XSS vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Multiple cross-site scripting XSS vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
jQuery vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...
GHSA-8JFM-RGMG-3WQ2 Apache Archiva vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in Apache Archiva prior to version 2.2.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnectorcommit.action...
GHSA-G78H-PF65-46RV Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
The Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, and as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a...
GHSA-4CJ8-779H-R25H Cross-site Scripting in Pivotal Spring Batch Admin
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...
Improper Neutralization of Input During Web Page Generation in IPython
Cross-site scripting XSS vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...
GHSA-66GW-5XPF-GFP5 Improper Neutralization of Input During Web Page Generation in IPython
Cross-site scripting XSS vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...