GHSA-5CMC-R23M-HVRR TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
TYPO3 Flow Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...
Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
Dolibarr ERP and CRM contain XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
GHSA-H3VG-4X76-V28W Dolibarr ERP and CRM contain XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
NodeBB Cross-site Scripting Vulnerability in Markdown Processing
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs...
GHSA-XJ94-RGF9-CQ37 Umbraco CMS vulnerable to stored XSS
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...
GHSA-R68M-4V39-CF43 TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cherry Music Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...
Xtend Cross-Site Scripting Vulnerability
Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...
GHSA-V3FG-X8JW-M974 Fork CMS XSS via Highlight Parameter
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
Cross-site scripting (XSS) vulnerability in dbcentralcolumns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
GHSA-GQMJ-F46X-WQHW phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
Cross-site scripting (XSS) vulnerability in dbcentralcolumns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Grav CMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools...
GeniXCMS Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
GHSA-P2FM-8RHJ-58FR Dolibarr Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php...
Dolibarr Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php...