#xss

Ubuntu Security Notice 5482-1 - It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. Charles Fol and Theo Gordyjan discovered that SPIP is vulnerable to cross site scripting. If a user were tricked into browsing a malicious SVG file, an attacker could possibly exploit this issue to execute arbitrary code. This issue was only fixed in Ubuntu 21.10.

Gentics CMS version 5.36.29 suffers from persistent cross site scripting and unsafe java deserialization vulnerabilities.

SolarView Compact version 6.00 suffers from multiple cross site scripting vulnerabilities.

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well

The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup)