#xss

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via `src/helpers/Cp.php`.

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in `/admin/myaccount`.

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Version 4.2.1 contains a patch for this issue.