In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC * go to the alert manager * open the ITSM tab * add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters) * click add * click apply * create a test alert * The test alert will run the command “id | tee /tmp/ttttttddddssss” as root. * after the test alert inspect /tmp/ttttttddddssss it'll contain the ids of the root user.

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization.

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.