CVEs from 2017

- Total: 11,613
- critical: 1,650
- high: 5,043
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%

Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3573 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Supported versions that are affected are 5.4.0.x, 5.4.1.… | |||
| CVE-2017-3537 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0… | |||
| CVE-2017-3532 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Retail Warehouse Management System component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 14.0 and 15.0. Easily "… | |||
| CVE-2017-3530 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, … | |||
| CVE-2017-3501 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.0, 10.1, 15.1 and 15.2. Easily "e… | |||
| CVE-2017-3496 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affect… | |||
| CVE-2017-8103 | medium | 6.1 | 6.1 | 9y ago | In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | |||
| CVE-2017-7723 | medium | 6.1 | 6.1 | 9y ago | XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | |||
| CVE-2017-5191 | medium | 6.1 | 6.1 | 9y ago | An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||
| CVE-2017-8085 | medium | 6.1 | 6.1 | 9y ago | In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | |||
| CVE-2017-7944 | medium | 6.1 | 6.1 | 9y ago | XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | |||
| CVE-2017-8052 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-7992 | medium | 6.1 | 6.1 | 9y ago | Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv pa… | |||
| CVE-2017-7409 | medium | 6.1 | 6.1 | 9y ago | Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | |||
| CVE-2017-6611 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the w… | |||
| CVE-2017-5183 | medium | 6.1 | 6.1 | 9y ago | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | |||
| CVE-2017-7897 | medium | 6.1 | 6.1 | 9y ago | MantisBT XSS via my_view_page.php and view_user_page.php | |||
| CVE-2017-7891 | medium | 6.1 | 6.1 | 9y ago | sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | |||
| CVE-2017-7871 | medium | 6.1 | 6.1 | 9y ago | trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | |||
| CVE-2017-7626 | medium | 6.1 | 6.1 | 9y ago | The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). | |||
| CVE-2017-3125 | medium | 6.1 | 6.1 | 9y ago | An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in F… | |||
| CVE-2017-7621 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different… | |||
| CVE-2017-7591 | medium | 6.1 | 6.1 | 9y ago | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/us… | |||
| CVE-2017-7590 | medium | 6.1 | 6.1 | 9y ago | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | |||
| CVE-2017-7583 | medium | 6.1 | 6.1 | 9y ago | ILIAS before 5.2.3 has XSS via SVG documents. | |||
| CVE-2017-6604 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerab… | |||
| CVE-2017-3889 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vu… | |||
| CVE-2017-3848 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user … | |||
| CVE-2017-7579 | medium | 6.1 | 6.1 | 9y ago | inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||
| CVE-2017-7443 | medium | 6.1 | 6.1 | 9y ago | apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. | |||
| CVE-2017-7234 | medium | 6.1 | 6.1 | 9y ago | A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an ope… | |||
| CVE-2017-2475 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remo… | |||
| CVE-2017-2393 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks vi… | |||
| CVE-2017-7391 | medium | 6.1 | 6.1 | 9y ago | Magmi XSS Vulnerability | |||
| CVE-2017-7390 | medium | 6.1 | 6.1 | 9y ago | SocialNetwork Cross-Site Scripting (XSS) vulnerability | |||
| CVE-2017-7389 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'ope… | |||
| CVE-2017-7388 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/re… | |||
| CVE-2017-7387 | medium | 6.1 | 6.1 | 9y ago | TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | |||
| CVE-2017-7386 | medium | 6.1 | 6.1 | 9y ago | citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||
| CVE-2017-7363 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | |||
| CVE-2017-7362 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | |||
| CVE-2017-7361 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | |||
| CVE-2017-7360 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | |||
| CVE-2017-7359 | medium | 6.1 | 6.1 | 9y ago | Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||
| CVE-2017-7320 | medium | 6.1 | 6.1 | 9y ago | setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a … | |||
| CVE-2017-2687 | medium | 6.1 | 6.1 | 9y ago | Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induc… | |||
| CVE-2017-1120 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2017-7271 | medium | 6.1 | 6.1 | 9y ago | Yii Framework Reflected XSS | |||
| CVE-2017-6067 | medium | 6.1 | 6.1 | 9y ago | Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | |||
| CVE-2017-6003 | medium | 6.1 | 6.1 | 9y ago | dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | |||
| CVE-2017-2645 | medium | 6.1 | 6.1 | 9y ago | Moodle XSS in attachments to evidence of prior learning | |||
| CVE-2017-2644 | medium | 6.1 | 6.1 | 9y ago | Moodle XSS Vulnerability | |||
| CVE-2017-7266 | medium | 6.1 | 6.1 | 9y ago | Netflix Security Monkey Open Redirect vulnerability | |||
| CVE-2017-7251 | medium | 6.1 | 6.1 | 9y ago | Pi Cross-site Scripting vulnerability | |||
| CVE-2017-7250 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections… | |||
| CVE-2017-7249 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazell… | |||
| CVE-2017-7248 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/b… | |||
| CVE-2017-7247 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazell… | |||
| CVE-2017-7242 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.… | |||
| CVE-2017-5673 | medium | 6.1 | 6.1 | 9y ago | In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default… | |||
| CVE-2017-7222 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' i… | |||
| CVE-2017-7215 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4… | |||
| CVE-2017-7205 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.ph… | |||
| CVE-2017-7204 | medium | 6.1 | 6.1 | 9y ago | imdbphp Cross-Site Scripting (XSS) | |||
| CVE-2017-7203 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-maste… | |||
| CVE-2017-7202 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cen… | |||
| CVE-2017-3872 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS a… | |||
| CVE-2017-3868 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-ba… | |||
| CVE-2017-3866 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web int… | |||
| CVE-2017-6958 | medium | 6.1 | 6.1 | 9y ago | An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by cr… | |||
| CVE-2017-0110 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microso… | |||
| CVE-2017-0107 | medium | 6.1 | 6.1 | 9y ago | Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | |||
| CVE-2017-0055 | medium | 6.1 | 6.1 | 9y ago | Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, a… | |||
| CVE-2017-0017 | medium | 6.1 | 6.1 | 9y ago | The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge… | |||
| CVE-2017-5938 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2017-6909 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An … | |||
| CVE-2017-6908 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/se… | |||
| CVE-2017-6907 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker… | |||
| CVE-2017-6906 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An a… | |||
| CVE-2017-6905 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/too… | |||
| CVE-2017-6877 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | |||
| CVE-2017-6807 | medium | 6.1 | 6.1 | 9y ago | mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site… | |||
| CVE-2017-5621 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using ei… | |||
| CVE-2017-5620 | medium | 6.1 | 6.1 | 9y ago | An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of exe… | |||
| CVE-2017-6820 | medium | 6.1 | 6.1 | 9y ago | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. | |||
| CVE-2017-6818 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | |||
| CVE-2017-6815 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||
| CVE-2017-6812 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | |||
| CVE-2017-6811 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | |||
| CVE-2017-6810 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). | |||
| CVE-2017-6809 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | |||
| CVE-2017-6808 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | |||
| CVE-2017-6799 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | |||
| CVE-2017-6797 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' par… | |||
| CVE-2017-6591 | medium | 6.1 | 6.1 | 9y ago | There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | |||
| CVE-2017-6589 | medium | 6.1 | 6.1 | 9y ago | EpicEditor XSS Vulnerability | |||
| CVE-2017-6562 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | |||
| CVE-2017-6561 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | |||
| CVE-2017-6560 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | |||
| CVE-2017-6559 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. |