13393 matches found

Github Security Blog
added 2022/05/17 3:29 a.m. | 23 views

Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search searchnom field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php...

CVSS 4.3 | AI score 6 | EPSS 0.00307
Exploits 2 | References 9 | Affected Software 1
OSV
added 2022/05/17 3:20 a.m. | 19 views

GHSA-JQMR-WQGP-8MH2 phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled...

CVSS 3.5 | AI score 5.9 | EPSS 0.00339
Exploits 0 | References 6
OSV
added 2022/05/17 3:12 a.m. | 23 views

GHSA-P632-5W74-X8XX phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value

Cross-site scripting (XSS) vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVSS 3.5 | AI score 5.6 | EPSS 0.00209
Exploits 0 | References 2
Github Security Blog
added 2022/05/17 3:3 a.m. | 11 views

TYPO3 Backend component Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...

CVSS 6.1 | AI score 5.8 | EPSS 0.00308
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2022/05/17 3:2 a.m. | 19 views

MoinMoin Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.6 | EPSS 0.00806
Exploits 0 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/17 3:0 a.m. | 16 views

Plone XSS in Zope ZMI

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00299
Exploits 2 | References 7 | Affected Software 1
OSV
added 2022/05/17 3:0 a.m. | 18 views

GHSA-84JM-CPC5-C7G7 Plone XSS in Zope ZMI

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00299
Exploits 2 | References 7
Github Security Blog
added 2022/05/17 2:52 a.m. | 12 views

Cherry Music Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...

CVSS 5.4 | AI score 5.4 | EPSS 0.00237
Exploits 0 | References 7 | Affected Software 1
Github Security Blog
added 2022/05/17 2:48 a.m. | 24 views

Improper Neutralization of Input During Web Page Generation in RESTEasy

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 4.7 | EPSS 0.00093
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/17 2:48 a.m. | 20 views

GHSA-R346-RMRG-QPGH Improper Neutralization of Input During Web Page Generation in RESTEasy

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9 | EPSS 0.00093
Exploits 0 | References 3
OSV
added 2022/05/17 2:46 a.m. | 20 views

GHSA-4XH9-5VH8-3P58 Yii Framework Reflected XSS

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVSS 6.1 | AI score 6 | EPSS 0.00285
Exploits 0 | References 6
Github Security Blog
added 2022/05/17 2:37 a.m. | 23 views

phpMyAdmin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

CVSS 6.1 | AI score 6 | EPSS 0.00224
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/17 2:37 a.m. | 17 views

GHSA-GCVP-CWGW-WX8J phpMyAdmin XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS 6.1 | AI score 6.8 | EPSS 0.00277
Exploits 0 | References 5
Github Security Blog
added 2022/05/17 2:24 a.m. | 16 views

Apache Solr Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...

CVSS 6.1 | AI score 5.9 | EPSS 0.02552
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/17 2:24 a.m. | 30 views

GHSA-4FXW-G29W-R8MX Apache Solr Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL...

CVSS 6.1 | AI score 6 | EPSS 0.02552
Exploits 0 | References 6
Github Security Blog
added 2022/05/17 2:17 a.m. | 11 views

Mayaa Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions...

CVSS 4.3 | AI score 6.2 | EPSS 0.00475
Exploits 0 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/17 2:2 a.m. | 10 views

EC-CUBE XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/carttag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.00407
Exploits 0 | References 9 | Affected Software 1
OSV
added 2022/05/17 2:2 a.m. | 11 views

GHSA-WGVV-5396-GGVJ EC-CUBE XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/carttag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.6 | EPSS 0.00407
Exploits 0 | References 9
OSV
added 2022/05/17 1:59 a.m. | 17 views

GHSA-PCHF-755W-JJ6V QooxDoo XSS in Callback Parameter

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.08582
Exploits 1 | References 6
OSV
added 2022/05/17 1:58 a.m. | 28 views

GHSA-X24Q-XWRF-66JM Improper Neutralization of Input During Web Page Generation in Google Web Toolkit

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.5 | EPSS 0.00237
Exploits 0 | References 7