Tag

#xss

GHSA-28gc-4qq5-8q26: Moodle Cross-site Scripting vulnerability

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

GHSA-9724-h8p7-r3jv: Moodle Cross-site Scripting vulnerability

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

CVE-2023-5541: Official Moodle git projects - moodle.git/search

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

CVE-2023-5547: Official Moodle git projects - moodle.git/search

The course upload preview contained an XSS risk for users uploading unsafe data.

CVE-2023-5544: Official Moodle git projects - moodle.git/search

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

CVE-2023-5546: Official Moodle git projects - moodle.git/search

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

CVE-2023-45885: XSS in NASAs Open MCT v3.1.0

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.

CVE-2023-36688: WordPress Simple Site Verify plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.

CVE-2023-47488: bugplorer

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.

CVE-2023-46492: gist:a75b618419d5afb137cd5a29e8156420

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.