An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by certain Project views, leading to unintended server-side POST requests or other unauthorized backend interactions. Successful exploitation requires an attacker to have access to the target GitHub Enterprise Server instance and to entice a privileged user to view crafted malicious content that includes conflicting HTML elements. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18.3, 3.17.9, 3.16.12, 3.15.16, and 3.14.21.
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program.
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance and privileged user interaction with the malicious elements. This vulnerability affected version 3.16.1 of GitHub Enterprise Server and was fixed in version 3.16.2. This vulnerability was reported via the GitHub Bug Bounty program.
An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. An attacker would require permissions to create or modify the names of milestones, issues, pull requests, or similar entities that are rendered in the vulnerable filter/search components. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.19.1, and 3.18.2, 3.17.8, 3.16.11, 3.15.15, and 3.14.20. This vulnerability was reported via the GitHub Bug Bounty program.
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have access to the target GitHub Enterprise Server instance and to entice a user, while operating in sudo mode, to click on a crafted malicious link to perform actions that require elevated privileges. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, 3.14.19.
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions.
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker.
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions.
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output."
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php.
Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.
An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1).
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page.
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions.
Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp.
Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.