Tag
#xss
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not previously set up two-factor authentication is vulnerable to this attack, which requires no privileges of any kind and causes the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.6.
Mastery LMS version 1.2 suffers from a cross site scripting vulnerability.
Academy LMS version 5.15 suffers from a cross site scripting vulnerability.
Articart version 2.0.1 suffers from cross site scripting and open redirection vulnerabilities.
Atlas Business Directory Listing version 2.13 suffers from cross site scripting vulnerabilities.
Ekushey Project Manager CRM version 5.0 suffers from a persistent cross site scripting vulnerability.
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.