Tag
#xss
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions.
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions.
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.
In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.
OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.