Tag
#xss
Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.
DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php.
### Summary

In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist.

### Details

In the `/license/` endpoint, the `license_details_view` function is vulnerable to a potential cross-site scripting (XSS) attack due to inadequate validation and sanitization of the `key` parameter. This vulnerability arises when attempting to access a key with malicious javascript.

```python
def license_details_view(request, key):
    """
    Display all available information about a given license `key`
    followed by the full license text.
    """
    licenses = get_licenses()
    try:
        data = saneyaml.dump(licenses[key].to_dict())
        text = licenses[key].text
    except KeyError:
        return HttpResponseNotFound(f"License {key} not found.")
        # Leads to cross-site scripting when key is malicious javascript re...
```
Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2023-4651-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.