#xss

Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.

Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.

actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this [commit](https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4). There are no known workarounds for this issue.

A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347.

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.

Dinstar FXO Analog VoIP Gateway version DAG2000-16O suffers from a persistent cross site scripting vulnerability.

ERP Sankhya versions 4.13.x and below suffer from a cross site scripting vulnerability.

HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds.

The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.