14 matches found
GHSA-JVF5-RXVV-3MCG TYPO3 HTML Sanitizer allows Cross-site Scripting
When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...
CVE-2026-43862
In mutt before 2.3.2, the imapauthgss security level is mishandled...
Linux Distros Unpatched Vulnerability : CVE-2026-43864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mutt before 2.3.2 has a showsigsummary NULL pointer dereference. CVE-2026-43864 Note that Nessus relies on the presence of the package as reported by the vendor...
Orejime 跨站脚本漏洞
Orejime is an open source user consent management tool from Boscop. A cross-site scripting vulnerability exists in Orejime versions prior to 2.3.2, which stems from embedded javascript code in the data attribute and could lead to the execution of malicious code...
GO-2025-3857 OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao
OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PYSEC-2023-3
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...
PT-2023-7467
Name of the Vulnerable Software and Affected Versions Apache Airflow Drill Provider versions prior to 2.3.2 Description The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information...
joplin 跨站请求伪造漏洞
Joplin is an open source notes and to-do list application. A security vulnerability exists in versions of joplin prior to 2.3.2 that stems from the application's lack of various forms of CSRF checking, leaving it vulnerable to cross-site request forgery attacks...
WordPress 插件跨站脚本漏洞
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Elementor Addons-PowerPack Addons for Elementor plugin versions prior to 2.3.2. An attacker can exploit this vulnerability to launch a cross-site scripting attack...
Magento cross-site scripting vulnerability (CNVD-2019-26246)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2.2...
Magento Information Disclosure Vulnerability (CNVD-2019-26228)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . An information disclosure vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, a...
Magento Input Validation Error Vulnerability (CNVD-2019-39390)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...
Magento Input Validation Error Vulnerability (CNVD-2019-39385)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...
Magento Code Execution Vulnerability (CNVD-2019-39396)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A security vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and version 2.3...