xss vulnerabilities and exploits

(subscribe to this query)

XSS Hunter Express prior to 2021-09-17 does not properly enforce authentication requirements for paths.

Xss Hunter Express Project Xss Hunter Express

The package express-xss-sanitizer prior to 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the malicious user to bypass xss sanitization.

Express Xss Sanitizer Project Express Xss Sanitizer

A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling X...

Apache Sling Xss Protection Api Apache Sling Xss Protection Api 2.0.0 Apache Sling Xss Protection Api Compat 1.1.0

Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

Mediawiki Mediawiki 1.15.0 Mediawiki Mediawiki 1.15.1 Mediawiki Mediawiki 1.15.2 Mediawiki Mediawiki 1.15.3 Mediawiki Mediawiki 1.16.0

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 prior to 1.15.4 and 1.16 prior to 1.16 beta 3 allows remote malicious users to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the ...

Mediawiki Mediawiki 1.15.0 Mediawiki Mediawiki 1.15.1 Mediawiki Mediawiki 1.15.2 Mediawiki Mediawiki 1.15.3 Mediawiki Mediawiki 1.16.0

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins prior to 1.438, and 1.409 LTS prior to 1.409.3 LTS, when a stand-alone container is used, allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.

Jenkins Jenkins 1.409.1 Jenkins Jenkins 1.409.2 Jenkins Jenkins

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.

Roundup-tracker Roundup Roundup-tracker Roundup 0.1.0 Roundup-tracker Roundup 0.1.1 Roundup-tracker Roundup 0.1.2 Roundup-tracker Roundup 0.1.3 Roundup-tracker Roundup 0.2.0 Roundup-tracker Roundup 0.2.1 Roundup-tracker Roundup 0.2.2 Roundup-tracker Roundup 0.2.3 Roundup-tracker Roundup 0.2.4 Roundup-tracker Roundup 0.2.5 Roundup-tracker Roundup 0.2.6

Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.

Sun Sunos 5.9 Sun Sunos 5.10

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin prior to 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

Moinmoin Moinmoin Moinmoin Moinmoin 1.5.0 Moinmoin Moinmoin 1.5.1 Moinmoin Moinmoin 1.5.2 Moinmoin Moinmoin 1.5.3 Moinmoin Moinmoin 1.5.3 Rc1 Moinmoin Moinmoin 1.5.3 Rc2 Moinmoin Moinmoin 1.5.4 Moinmoin Moinmoin 1.5.5 Moinmoin Moinmoin 1.5.5 Rc1 Moinmoin Moinmoin 1.5.5a

Cross-site scripting (XSS) vulnerability in IPython prior to 3.2 allows remote malicious users to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

Ipython Ipython

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook