#xss

CVE-2022-30519: Disclosed/CVE-2022-30519 at main · earth2sky/Disclosed

XSS in the signing form in Reprise Software RLM License Administration v14.2BL4 allows a remote attacker to inject arbitrary code via the password field.

CVE-2022-38212: Portal for ArcGIS Security 2022 Update 2 Patch is now available

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.

CVE-2022-46181: Only serve image files on ./image by jmattheis · Pull Request #535 · gotify/server

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts **if** another user opened a link. The attacker could potentially take over the account of the user that clicked the link. The Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. The vulnerability has been fixed in version 2.2.2. As a workaround, you can block access to non image files via a reverse proxy in the `./image` directory.

GHSA-rmhx-9h5h-3xh3: usememos/memos vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.

GHSA-gxqf-4g4p-q3hc: usememos/memos vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.

GHSA-pwhr-p68w-296x: usememos/memos vulnerable to stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos 0.9.0 and prior.

CVE-2022-4841: chore: fix XSS in renderer (#875) · usememos/memos@64e5c34

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4839

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.

Hughes Satellite Router Remote File Inclusion Cross Frame Scripting

Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.

CVE-2021-4296

A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.