
Tag

#xss

CVE-2021-36713

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.

CVE-2021-36398

In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

CVE-2021-36399

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

CVE-2023-24737: CVE/PMB at main · AetherBlack/CVE

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.

CVE-2015-10095: Release 1.3.0: New version 1.3 fixing prettyPhoto XSS issue and video rendering · wp-plugins/woo-popup

A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327.

CVE-2021-35377: The Most Popular Open-Source Contact Center Solution in the World

Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.

CVE-2023-27472: Sanitise tree view text · atampy25/quickentity-editor-next@5303b45

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitised (XSS vulnerability). This allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.

GHSA-hfxp-j95j-cwrp: uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.

CVE-2023-1197

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.