xss vulnerabilities and exploits

(subscribe to this query)

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths....

Xss Hunter Express Project Xss Hunter Express

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling...

Apache Sling Xss Protection Api Apache Sling Xss Protection Api 2.0.0 Apache Sling Xss Protection Api Compat 1.1.0

Sage X3 Stored XSS Vulnerability on â€˜Editâ€™ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates...

Sage Syracuse1 Article available

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be...

Montala Resourcespace Montala Resourcespace 9.6

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813....

Jenkins Jenkins Redhat Openshift

WordPress before 5.5.2 allows XSS associated with global variables....

Wordpress Wordpress Fedoraproject Fedora 31 Fedoraproject Fedora 32 Fedoraproject Fedora 33 Debian Debian Linux 9.0 Debian Debian Linux 10.0

WordPress before 5.5.2 allows stored XSS via post slugs....

Wordpress Wordpress Fedoraproject Fedora 31 Fedoraproject Fedora 32 Fedoraproject Fedora 33 Debian Debian Linux 9.0 Debian Debian Linux 10.01 Github repository available

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this...

Nextcloud Circles

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an...

Google Chrome3 Articles available

In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML...

Google Chrome5 Github repositories available1 Article available

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook