#xss

Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Uniview Equipment: NVR301-04S2-P4 Vulnerability: Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Uniview NVR, a network video recorder, is affected: NVR301-04S2-P4: Versions prior to NVR-B3801.20.17.240507 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 The affected product is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are ...

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting.

Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this vulnerability.

Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this vulnerability.

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…