CWE-79

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim’s API key and can lead to admin’s account takeover.

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.

NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine.

OX App Suite through 7.10.6 allows XSS by forcing block-wise read.

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.