Tag
#xss
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
### Impact `DisplayName` allows all the characters from users, which leads to an XSS vulnerability when directly displayed in the issue list. ### Patches `DisplayName` is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds Check and update the existing users' display names that contain malicious characters. ### References N/A ### For more information If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/pull/7009.
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.
WordPress Download Manager versions 3.2.42 and below suffer from a cross site scripting vulnerability.