#xss

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify `helium.json` and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Open eShop version 2.7.0 suffers from a cross site scripting vulnerability.

HTMLy version 2.9.6 suffers from a persistent cross site scripting vulnerability.

Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.

Feng Office version 3.10.8.21 suffers from a persistent cross site scripting vulnerability.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.