Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.
Kategorie: CWE-79
CVE-2013-4492
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
CVE-2018-18262
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
CVE-2018-20339
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
CVE-2018-19921
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
CVE-2018-18716
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
CVE-2018-18715
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.
CVE-2018-19615
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâ??s web browser to gain access to the affected device.
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.