Vulmon Recent Vulnerabilities Trends Blog About Contact

cross-site scripting vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2012-0007
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka...
Microsoft Anti-cross Site Scripting Library 3.1Microsoft Anti-cross Site Scripting Library 4.0
NA
CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function....
Apple Cups 1.1Apple Cups 1.1.1Apple Cups 1.1.2Apple Cups 1.1.3Apple Cups 1.1.4Apple Cups 1.1.5Apple Cups 1.1.5-1Apple Cups 1.1.5-2Apple Cups 1.1.6Apple Cups 1.1.6-1Apple Cups 1.1.6-2Apple Cups 1.1.6-3Apple Cups 1.1.7Apple Cups 1.1.8Apple Cups 1.1.9Apple Cups 1.1.9-1Apple Cups 1.1.10Apple Cups 1.1.10-1Apple Cups 1.1.11Apple Cups 1.1.12Apple Cups 1.1.13Apple Cups 1.1.14Apple Cups 1.1.15Apple Cups 1.1.16Apple Cups 1.1.17Apple Cups 1.1.18Apple Cups 1.1.19Apple Cups 1.1.20Apple Cups 1.1.21Apple Cups 1.1.22Apple Cups 1.1.23Apple Cups 1.2Apple Cups 1.2.0Apple Cups 1.2.1Apple Cups 1.2.2Apple Cups 1.2.3Apple Cups 1.2.4Apple Cups 1.2.5Apple Cups 1.2.6Apple Cups 1.2.7Apple Cups 1.2.8Apple Cups 1.2.9Apple Cups 1.2.10Apple Cups 1.2.11Apple Cups 1.2.12Apple Cups 1.3Apple Cups 1.3.0Apple Cups 1.3.1Apple Cups 1.3.2Apple Cups 1.3.3Apple Cups 1.3.4Apple Cups 1.3.5Apple Cups 1.3.6Apple Cups 1.3.7Apple Cups 1.3.8Apple Cups 1.3.9Apple Cups 1.3.10Apple Cups 1.3.11Apple Cups 1.4Apple Cups 1.4.0Apple Cups 1.4.1Apple Cups 1.4.2Apple Cups 1.4.3Apple Cups 1.4.4Apple Cups 1.4.5Apple Cups 1.4.6Apple Cups 1.4.7Apple Cups 1.4.8Apple Cups 1.5Apple Cups 1.5.0Apple Cups 1.5.1Apple Cups 1.5.2Apple Cups 1.5.3Apple Cups 1.5.4Apple Cups 1.6Apple Cups 1.6.1Apple Cups 1.6.2Apple Cups 1.6.3Apple Cups 1.6.4Apple Cups 1.7Apple Cups 1.7.0Apple CupsApple Cups 1.7.1
6.1
CVSSv3
CVE-2015-5169
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....
Apache Struts
6.1
CVSSv3
CVE-2014-0141
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3....
Redhat Satellite 6.0.3
6.1
CVSSv3
CVE-2017-1000188
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection...
Ejs Ejs
NA
CVE-2014-3653
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template....
Theforeman Foreman
6.1
CVSSv3
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection....
Doxygen Doxygen
4.8
CVSSv3
CVE-2019-10383
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages....
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-26407
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...
Gitlab Gitlab
6.1
CVSSv3
CVE-2020-3867
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...
Apple IcloudApple ItunesApple SafariApple IpadosApple Iphone OsApple TvosOpensuse Leap 15.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationTCPCVE-2020-4865CVE-2021-3297CVE-2018-15473CVE-2021-3317CVE-2021-23240denial of serviceCVE-2020-16107