Tag
#xss
### Impact

Authenticated users can inject malicious code in widgets with units, which is then executed both in the element preview (back end) and on the website (front end).

### Patches

Update to Contao 4.9.42, 4.13.28 or 5.1.10.

### Workarounds

Disable login for all untrusted back end users.

### References

https://contao.org/en/security-advisories/cross-site-scripting-in-widgets-with-units

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

### Credits

Thanks to Maximilian Seilmaier from usd AG for reporting this vulnerability.
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.
Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.
WordPress WP Brutal AI plugin versions prior to 2.0.1 suffer from a cross site scripting vulnerability.
WordPress SEO Alert plugin versions 1.59 and below suffer from a persistent cross site scripting vulnerability.
WordPress WP Brutal AI plugin versions prior to 2.06 suffer from a persistent cross site scripting vulnerability.
WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.
WordPress Tablesome plugin versions prior to 1.0.9 suffer from a cross site scripting vulnerability.
WordPress Login Rebuilder plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.
WordPress Seo By 10Web plugin versions prior to 2.8.1 suffer from a persistent cross site scripting vulnerability.