27433 matches found
GHSA-7W89-QQXX-C62R Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
GHSA-MR4J-7JJV-24M7 Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...
Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name user details, or the 3 repository, 4 repository group, or 5 user group description...
GHSA-FH5C-7GMG-XMP6 Kallithea cross-site scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name user details, or the 3 repository, 4 repository group, or 5 user group description...
Symphony CMS XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 emailsendmailfromname, 2 emailsendmailfromaddress, 3 emailsmtpfromname, 4 emailsmtpfromaddress, 5...
Silverstripe CMS XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Locale or 2 FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
GHSA-4C5W-QQFG-GRF3 Symphony CMS XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 emailsendmailfromname, 2 emailsendmailfromaddress, 3 emailsmtpfromname, 4 emailsmtpfromaddress, 5...
GHSA-GVC8-XJFP-6569 Silverstripe CMS XSS Vulnerability
Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Locale or 2 FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...
Moodle vulnerable to XSS via bundled spikephpcoverage library
Cross-site scripting XSS vulnerability in the Spike PHPCoverage aka spikephpcoverage library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-MX5G-3VXH-RGM8 Moodle vulnerable to XSS via bundled spikephpcoverage library
Cross-site scripting XSS vulnerability in the Spike PHPCoverage aka spikephpcoverage library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Moodle vulnerable to Cross-Site Scripting
Cross-site scripting XSS vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...
GHSA-H6PX-PVFH-Q2JV Moodle vulnerable to Cross-Site Scripting
Cross-site scripting XSS vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...
phpCAS client library and Moodle Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
GHSA-6656-6QWX-4C2M Moodle XSS In Tag Autocomplete functionality
Cross-site scripting XSS vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-45CH-HXGR-VX8J phpCAS client library and Moodle Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
Moodle vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
GHSA-89F3-74M6-G27G Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
YUI Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...