Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-23179 |
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. Published: January 12, 2024; 1:15:47 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23178 |
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. Published: January 12, 2024; 1:15:47 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23177 |
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. Published: January 12, 2024; 1:15:47 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23174 |
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. Published: January 12, 2024; 12:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23173 |
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. Published: January 12, 2024; 12:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-23172 |
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog. Published: January 12, 2024; 12:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-23171 |
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). Published: January 12, 2024; 12:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-22199 |
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. Published: January 11, 2024; 1:15:45 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-22195 |
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. Published: January 10, 2024; 10:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-52274 |
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. Published: January 10, 2024; 10:15:10 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-51252 |
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. Published: January 10, 2024; 4:15:44 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-41781 |
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. Published: January 10, 2024; 2:15:49 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-22370 |
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible Published: January 09, 2024; 5:15:23 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6148 |
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data Published: January 09, 2024; 4:15:42 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-52198 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125. Published: January 08, 2024; 4:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-52197 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0. Published: January 08, 2024; 4:15:10 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-52196 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12. Published: January 08, 2024; 4:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-27739 |
easyXDM 2.5 allows XSS via the xdm_e parameter. Published: January 08, 2024; 4:15:08 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-52213 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. Published: January 08, 2024; 3:15:45 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-52203 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5. Published: January 08, 2024; 3:15:45 PM -0500 |
V3.1: 4.8 MEDIUM V2.0:(not available) |