In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr Progress Tracker progress-tracker allows DOM-Based XSS.This issue affects Progress Track
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an applic
XSS vulnerability in DJ-HelpfulArticles component for Joomla.
Multiple XSS (CWE-79)
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Snipe-IT before 8.1.18 allows XSS.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Callback Request allows Reflected XSS. This issue affects Callback Request: from n/a thro
Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Griffiths Beacon For Help Scout beacon-for-helpscout allows DOM-Based XSS.This issue affects B
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields messag
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
Page 1+ Next →