SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
Multiple XSS (CWE-79)
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
Snipe-IT before 8.1.18 allows XSS.
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser.
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6.
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields messag
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.
The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php.
InfoScale VIOM 9.1.3 allows XSS.
Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it.
Page 1+ Next →