Description
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Some ASP.NET web applications that use the Control.ResolveUrl method to resolve app-root-relative paths are vulnerable to XSS.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page
References
Related Vulnerabilities
WordPress Plugin Advanced ads Management by Inazo Cross-Site Scripting (1.3)
WordPress Plugin SVG Support Cross-Site Scripting (2.5.1)
WordPress Plugin WP125 Multiple Cross-Site Scripting Vulnerabilities (1.4.4)
WordPress Plugin Unlimited Pop-Ups Multiple Cross-Site Scripting Vulnerabilities (1.4.3)