The payload would then be triggered every time an authenticated user browses the page containing it. An attacker leveraging this vulnerability could inject arbitrary JavaScript. Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter.
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php q parameter in /user-ban-log.php query parameter in /log.php text parameter in /moresmiles.php q parameter in myhr.php or id parameter in /viewrequests.php. Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.
0 kommentar(er)
