#xss

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user.

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.