Cross-site Scripting (XSS)

starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...

Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes

Impact One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...

CVE-2024-27444

langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...

The vulnerability of the Sanitize library for the Ruby programming language allows a hacker to circumvent the restrictions on the use of HTML attributes.

The vulnerability of the Sanitize library for the Ruby programming language is related to input validation errors. Exploiting this vulnerability could allow an attacker to circumvent the specified restrictions on the use of HTML attributes...

CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...