cross-site scripting vulnerabilities and exploits

(subscribe to this query)

NA

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka...

Microsoft Anti-cross Site Scripting Library 3.1 Microsoft Anti-cross Site Scripting Library 4.01 EDB exploit available

6.1

CVSSv3

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions...

Drupal Drupal

NA

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function....

Apple Cups 1.1.12 Apple Cups 1.1.13 Apple Cups 1.1.19 Apple Cups 1.1.20 Apple Cups 1.1.22 Apple Cups 1.1.5-2 Apple Cups 1.1.6 Apple Cups 1.1.6-1 Apple Cups 1.2 Apple Cups 1.2.11 Apple Cups 1.2.12 Apple Cups 1.2.9 Apple Cups 1.3 Apple Cups 1.3.2 Apple Cups 1.3.3 Apple Cups 1.4 Apple Cups 1.4.5 Apple Cups 1.4.6 Apple Cups 1.5.0 Apple Cups 1.5 Apple Cups 1.6 Apple Cups 1.1.1 Apple Cups 1.1.10 Apple Cups 1.1.16 Apple Cups 1.1.17 Apple Cups 1.1.2 Apple Cups 1.1.21 Apple Cups 1.1.3 Apple Cups 1.1.4 Apple Cups 1.1.7 Apple Cups 1.1.8 Apple Cups 1.2.0 Apple Cups 1.2.4 Apple Cups 1.2.5 Apple Cups 1.3.0 Apple Cups 1.3.1 Apple Cups 1.3.6 Apple Cups 1.3.7 Apple Cups 1.4.0 Apple Cups 1.4.1 Apple Cups 1.4.2 Apple Cups 1.5.4 Apple Cups 1.5.3 Apple Cups 1.6.4 Apple Cups 1.6.3 Apple Cups 1.7 Apple Cups 1.1 Apple Cups 1.1.14 Apple Cups 1.1.15 Apple Cups 1.1.23 Apple Cups 1.1.6-2 Apple Cups 1.1.6-3 Apple Cups 1.2.2 Apple Cups 1.2.3 Apple Cups 1.3.4 Apple Cups 1.3.5 Apple Cups 1.4.7 Apple Cups 1.4.8 Apple Cups 1.7.1 Apple Cups Apple Cups 1.7.0 Apple Cups 1.1.10-1 Apple Cups 1.1.11 Apple Cups 1.1.18 Apple Cups 1.1.5 Apple Cups 1.1.5-1 Apple Cups 1.1.9 Apple Cups 1.1.9-1 Apple Cups 1.2.1 Apple Cups 1.2.10 Apple Cups 1.2.6 Apple Cups 1.2.7 Apple Cups 1.2.8 Apple Cups 1.3.10 Apple Cups 1.3.11 Apple Cups 1.3.8 Apple Cups 1.3.9 Apple Cups 1.4.3 Apple Cups 1.4.4 Apple Cups 1.5.2 Apple Cups 1.5.1 Apple Cups 1.6.2 Apple Cups 1.6.1

6.1

CVSSv3

Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3....

Redhat Satellite 6.0.32 Github repositories available

6.1

CVSSv3

Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20....

Apache Struts

NA

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template....

Theforeman Foreman

5.4

CVSSv3

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...

Fortinet Fortiwlm

6.1

CVSSv3

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0....

Parse-url Project Parse-url

6.1

CVSSv3

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions...

Drupal Drupal

6.1

CVSSv3

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

Apple Icloud Apple Itunes Apple Safari Apple Ipados Apple Iphone Os Apple Tvos Opensuse Leap 15.1 Webkitgtk Webkitgtk

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook