InfoScale VIOM 9.1.3 allows XSS.
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser.
The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
Lack of input filtering leads to an XSS vector in the HTML filter code.
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking applicatio
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
Page 1+ Next →