DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.