A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
Max CVSS
5.4
EPSS Score
0.07%
Published
2023-12-12
Updated
2024-03-18
The course upload preview contained an XSS risk for users uploading unsafe data.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-11-09
Updated
2023-11-15
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-11-09
Updated
2023-11-15
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-11-09
Updated
2023-11-15
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
Max CVSS
6.1
EPSS Score
0.92%
Published
2022-07-25
Updated
2022-12-21
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
Max CVSS
6.1
EPSS Score
0.31%
Published
2022-07-25
Updated
2022-12-21
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
Max CVSS
5.4
EPSS Score
0.09%
Published
2022-05-18
Updated
2022-12-21
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Max CVSS
6.8
EPSS Score
0.16%
Published
2021-11-23
Updated
2024-01-05
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Max CVSS
6.1
EPSS Score
0.38%
Published
2020-12-03
Updated
2022-08-06
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
Max CVSS
6.1
EPSS Score
0.09%
Published
2020-03-20
Updated
2020-03-25
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
Max CVSS
6.1
EPSS Score
0.08%
Published
2020-03-20
Updated
2023-02-12
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.
Max CVSS
4.7
EPSS Score
0.08%
Published
2020-03-18
Updated
2023-02-12
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Max CVSS
6.1
EPSS Score
0.20%
Published
2018-06-11
Updated
2018-08-09
Pagure: XSS possible in file attachment endpoint
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-11-06
Updated
2019-11-08
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-02-20
Updated
2019-08-08
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#x3a; sequence.
Max CVSS
4.3
EPSS Score
0.41%
Published
2013-03-19
Updated
2019-08-08
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Max CVSS
4.3
EPSS Score
0.41%
Published
2013-03-19
Updated
2023-02-13
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Max CVSS
6.1
EPSS Score
0.27%
Published
2020-01-03
Updated
2020-01-14
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
0.58%
Published
2008-06-02
Updated
2017-09-29
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!