An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed Cross-Site Scripting (XSS) upon clicking on a link from a specially crafted live location message.
Tag: Cross-Site Scripting (XSS)
ASA-2019-00615 – Jenkins build-metrics Plugin: Reflected Cross-Site Scripting (XSS)
Jenkins build-metrics Plugin does not properly escape the label query parameter, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
ASA-2019-00512 – Apache HTTP Server: Limited Cross-Site Scripting (XSS) in mod_proxy error page
A limited Cross-Site Scripting (XSS) issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
ASA-2019-00476 – GLPI: Stored Cross-Site Scripting (XSS) in the profile picture name
ASA-2019-00455 – Squid: Multiple Cross-Site Scripting issues in cachemgr.cgi
Due to incorrect input handling, the Squid cachemgr.cgi tool is vulnerable to multiple Cross-Site Scripting attacks. This allows a malicious server to embed URLs in its content such that user credentials and other information can be extracted from a client or administrator with access to the Squid cachemgr.cgi tool URL.
ASA-2019-00441 – Mozilla Firefox: Character encoding XSS vulnerability
Some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering.
ASA-2019-00436 – Mozilla Firefox and Thunderbird: HTML parsing error can contribute to content XSS
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
ASA-2019-00418 – TYPO3: Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. The field tsconfig_includes is vulnerable to directory traversal, leading to the same scenarios as having direct access to TSconfig settings. A valid backend user account with access to modify values for the fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability.