Description
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Some ASP.NET web applications that use the Control.ResolveUrl method to resolve app-root-relative paths are vulnerable to XSS.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page
References
Related Vulnerabilities
WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)
WordPress 4.4 Cross-Site Scripting Vulnerability (4.4)
WordPress Plugin Widget Shortcode Cross-Site Scripting (0.3.5)
WordPress Plugin SEO Ultimate Cross-Site Scripting (7.6.5.2)
WordPress Plugin iQ Block Country Cross-Site Scripting (1.1.19)